GitHub User: tomasz154
I'm new to Rails and I really like your screencasts.
However, I think I've found a kind of security flaw in this one.
In password_resets_controller.rb you do:
It allows the user to change any attribute he wants using a prepared form/request.
I realize this is just an example, and in production you probably wouldn't do it, but still, it's not a good example IMHO.
Correct me if I'm wrong.
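
An added example, not part of the comment above or of the screencast's code: a plain-Ruby sketch of the mass-assignment problem the comment describes, next to an allow-listed update. The `User` class, its `admin` attribute, and the `unsafe_reset` / `safe_reset` helpers are hypothetical stand-ins for a Rails model and a password-reset controller action.

```ruby
# Hypothetical stand-in for an ActiveRecord model (not the screencast's code).
class User
  attr_accessor :email, :password, :password_confirmation, :admin

  def initialize(email:)
    @email = email
    @admin = false
  end

  # Mimics unrestricted mass assignment: every submitted key is written.
  def assign_all(params)
    params.each { |key, value| public_send("#{key}=", value) }
    self
  end
end

# The only fields a password-reset form should be able to change.
RESET_FIELDS = %w[password password_confirmation].freeze

# Vulnerable pattern: the request hash goes straight into the model.
def unsafe_reset(user, params)
  user.assign_all(params)
end

# Hardened pattern: allow-list the keys first, and return the names of the
# dropped keys so the attempt can be logged.
def safe_reset(user, params)
  allowed, rejected = params.partition { |key, _| RESET_FIELDS.include?(key.to_s) }
  user.assign_all(allowed.to_h)
  rejected.map { |key, _| key.to_s }
end

# Constructed sample request body: a reset form with one extra field added.
FORGED_PARAMS = {
  "password" => "new-secret",
  "password_confirmation" => "new-secret",
  "admin" => true
}.freeze
```

In Rails itself the same allow-list is expressed with `attr_accessible` on the model (Rails 3) or `params.require(:user).permit(:password, :password_confirmation)` in the controller (Rails 4 and later).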