Terralien crew member Matthew Bass has a great article over on his weblog outlining how to use protected attributes to protect your Rails models from malicious use. Definitely worth a read, both to understand one of the vulnerabilities that a Rails application can have, and how to combat it.
Using Protected Attributes in your Rails Models
Posted by Nathaniel
on Nov 28th, 2006
You can still contact Nathaniel at nathaniel@terralien.com