RailsCasts Pro episodes are now free!

Learn more or hide this

tomasz154's Profile

GitHub User: tomasz154

Comments by


Hey Ryan!

I'm new to Rails and I really like Your screencasts.
However, I think I've found kind of security flaw in this one.

In password_resets_controller.rb you do:


It allows the user to change any attribute he wants using prepared form/request.

I realize this is just an example, and in production you probably wouldn't do it, but still, it's not good example IMHO.

Correct me if I'm wrong.