
Project Summary

October 1, 2007 - This project is now served from the Corkboard repository. Check out http://secure-associations.warehouse.corkboardinc.com

SecureAssociations

More often than not, I find foreign keys need to be protected from bulk updates. This plugin adds a :protected option to ActiveRecord associations.

Example

Let's say you've got a model like:

class User < ActiveRecord::Base
  has_many :widgets
end

class Widget < ActiveRecord::Base
  belongs_to :user
end

All well and good until you get to a controller that looks like:

class WidgetsController < ApplicationController
  def create
    @widget = current_user.widgets.build(params[:widget])
    if @widget.save
      redirect_to widgets_url
    else
      render :action=>'edit'
    end
  end
end

Any user could inject widgets into another user by POST'ing:

:widget=>{:name=>'ownage', :user_id=>'1'}

Solution? Protect the user attributes of Widget:

class Widget < ActiveRecord::Base
  belongs_to :user
  attr_protected :user, :user_id
end

Of course both user and user_id need to be protected since both can be assigned through the build or update_attributes method.

Enter SecureAssociations

Rather than clutter up models with lots of attr_protected calls, SecureAssociations provides a shorthand hook so you'll never forget:

class Widget < ActiveRecord::Base
  belongs_to :user, :protected=>true
end

The :protected attribute currently works on belongs_to and has_many.
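The effect of :protected=>true on bulk assignment, as an added example that is not the plugin's code. MiniModel, OpenWidget, GuardedWidget and owner_after_update are hypothetical names, and the class is a plain-Ruby stand-in for ActiveRecord so that it runs without Rails:

```ruby
# Plain-Ruby stand-in for ActiveRecord bulk assignment; MiniModel is
# hypothetical and is not the plugin's source.
class MiniModel
  class << self
    def protected_attrs
      @protected_attrs ||= []
    end

    def attr_protected(*names)
      protected_attrs.concat(names.map(&:to_s))
    end

    # :protected => true guards both the association name and its foreign key.
    def belongs_to(name, options = {})
      attr_accessor name, "#{name}_id"
      attr_protected(name, "#{name}_id") if options[:protected]
    end
  end

  # Bulk assignment, as done by build and update_attributes: skip protected keys.
  def attributes=(attrs)
    attrs.each do |key, value|
      next if self.class.protected_attrs.include?(key.to_s)
      public_send("#{key}=", value)
    end
  end
end

class OpenWidget < MiniModel
  attr_accessor :name
  belongs_to :user
end

class GuardedWidget < MiniModel
  attr_accessor :name
  belongs_to :user, :protected => true
end

# Constructed request parameters, matching the POST body shown above.
PARAMS = { :name => 'ownage', :user_id => '1' }

# Returns the widget's owner id after a bulk update from PARAMS.
def owner_after_update(klass, owner_id)
  widget = klass.new
  widget.user_id = owner_id   # direct assignment is still allowed
  widget.attributes = PARAMS  # bulk update from the request
  widget.user_id
end
```

With the unprotected association the owner becomes '1' from the request; with the protected one it stays whatever the application set directly.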

Installation

Inside your Rails project do:

script/plugin install http://secure-associations.googlecode.com/svn/plugins/secure_associations

Since this plugin is still under active development, you may want to link the source directly to the repository. Whenever you do svn update on your project, secure_associations will also update:

script/plugin install -x http://secure-associations.googlecode.com/svn/plugins/secure_associations

Tags

activerecord associations rails ruby

In a Nutshell, secure-associations...

 No code available to analyze

Open Hub computes statistics on FOSS projects by examining source code and commit history in source code management systems. This project has no code locations, and so Open Hub cannot perform this analysis


MIT License

Permitted: Commercial Use, Modify, Distribute, Private Use, Sub-License
Forbidden: Hold Liable
Required: Include Copyright, Include License

These details are provided for information only. No information here is legal advice and should not be used as such.


This Project has No vulnerabilities Reported Against it
