
It's common in tutorials and quickstart guides, usually with a note saying that you really should be protecting things and not using mass-assignment. It just makes the blog in 5 minutes videos cleaner.


Reminds me of all the PHP tutorials floating around that only treat security as a side note. Essentially, the default configuration with Rails seems to be that users can set the data for any database column. It's almost as bad as register_globals...
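
Added example, not part of either comment above and not Rails' own code: a plain-Ruby model of the mass-assignment behaviour the thread describes, with the permissive default beside an allowlist. The `Record` class, its methods and the submitted form data are hypothetical and constructed for illustration.

```ruby
# Plain-Ruby model of mass assignment; no Rails required.
# Class and method names are hypothetical, chosen for illustration.
class Record
  COLUMNS = %i[name email admin].freeze # constructed schema

  attr_reader :attrs

  def initialize
    @attrs = { name: nil, email: nil, admin: false }
  end

  # Permissive default: every submitted key that matches a column is written.
  def assign_all(params)
    params.each do |key, value|
      col = key.to_sym
      @attrs[col] = value if COLUMNS.include?(col)
    end
    self
  end

  # Allowlist: only the columns the caller names may come from user input.
  # Returns the refused keys so they can be logged or alerted on.
  def assign_permitted(params, permitted)
    rejected = []
    params.each do |key, value|
      col = key.to_sym
      if permitted.include?(col) && COLUMNS.include?(col)
        @attrs[col] = value
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed form submission: the signup form only offers name and email,
# but the request carries an extra field naming the admin column.
SUBMITTED = { "name" => "mallory", "email" => "m@example.test", "admin" => "1" }.freeze

def unsafe_signup
  Record.new.assign_all(SUBMITTED).attrs
end

def safe_signup
  user = Record.new
  rejected = user.assign_permitted(SUBMITTED, %i[name email])
  [user.attrs, rejected]
end
```

The refused-key list returned by `assign_permitted` is worth logging: a request that names a column the form never offered is a useful detection signal.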



