CSC/ECE 517 Fall 2017/E1784 Fix mass assignments reported by Brakeman.rb: Difference between revisions
== Expertiza Background ==
Expertiza is a web application where students can submit and peer-review learning objects (articles, code, web sites, etc.). It is used in select courses at NC State and by professors at several other colleges and universities.
== Project Description ==
With mass assignment, creating or updating an object does not require a separate assignment statement for each attribute: the attributes are taken from a hash, typically the request parameters. This is also where the security problem lies: if that hash is handed to the model unfiltered, an attacker can add extra parameters to the request and set attributes that were never meant to be user-editable. Rails 4 introduced strong parameters, a controller-level whitelist that protects against mass assignment vulnerabilities. Our group's task is to resolve all of the "Unprotected mass assignment" issues reported by Brakeman.
== Implementation ==
=== Problem 1: Mass assignment is not restricted using attr_accessible ===
Previously,
[[File:Team node.rb.png]]
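An added example, not Expertiza's code and not the Rails implementation, illustrating the problem described in the Project Description and in Problem 1: a Rails-free stand-in for a Team model with plain mass assignment, the unprotected controller pattern Brakeman reports, and a whitelist in the spirit of strong parameters. The Team class, its attributes, the helper names and the request hash are all assumptions constructed for the example.

```ruby
# Added example, not Expertiza or Rails code: a minimal, dependency-free model
# of mass assignment and of a strong-parameters style whitelist, so the
# Brakeman finding can be demonstrated without a Rails app. Names are hypothetical.

# Stand-in for a Team model; assign_attributes is plain mass assignment.
class Team
  attr_accessor :name, :parent_id, :is_admin

  def initialize
    @is_admin = false   # must never be settable from a request
  end

  # Mass assignment: every key in the hash becomes a setter call, so any
  # attribute with a writer can be reached by whoever controls the hash.
  def assign_attributes(attrs)
    attrs.each { |key, value| public_send("#{key}=", value) }
    self
  end
end

# Unprotected: the raw request hash goes straight to the model
# (the pattern Brakeman reports as "Unprotected mass assignment").
def update_team_unprotected(team, params)
  team.assign_attributes(params[:team])
end

# Whitelist in the spirit of params.require(:team).permit(:name, :parent_id):
# require the nested hash, then keep only the permitted keys (Rails' default
# is to drop unpermitted keys and log them, which is what is mirrored here).
def permit(params, key, allowed)
  raise KeyError, "parameter missing: #{key}" unless params.key?(key)
  params[key].select { |attr, _| allowed.include?(attr) }
end

# Protected: only the permitted attributes reach the model.
def update_team_protected(team, params)
  team.assign_attributes(permit(params, :team, [:name, :parent_id]))
end

# Constructed request: a normal form submission with an extra is_admin field.
TAMPERED_PARAMS = { team: { name: "Team Node", parent_id: 7, is_admin: true } }.freeze

if __FILE__ == $PROGRAM_NAME
  puts update_team_unprotected(Team.new, TAMPERED_PARAMS).is_admin  # true
  puts update_team_protected(Team.new, TAMPERED_PARAMS).is_admin    # false
end
```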
Revision as of 20:28, 25 October 2017