RailsCasts Pro episodes are now free!
Learn more or hide this
GitHub User: codeduffer
Well I'm a comparative newbie here but with my limited Rails4 work I would suggest whitelisting by doing this (using Ryan's example). In the private area of the books controller add the author_ids to the book_params:
params.require(:book).permit( ... many attributes...., :author_ids => )