Category Archives: Ruby

Rock and Roll Ruby on Rails ….

Protect your XHR actions (RoR)

Using XHR within Ruby on Rails is as easy as adding 1 and 1. We use e.g. the link_to_remote helper and point it to a controller's action. The small problem here is that the XHR actions are all available publicly, so calling the action directly within the browser works as well. I say ‘small’ […]

Ruby on Rails: Protect params from injection

Using the ActionController's params method directly within your models can be very risky. You know, doing this: User.new(params[:user]). Someone could easily create his own form, adding additional parameters and thereby updating your model without your knowledge. The reason is clear: you take all available attributes from params. This article shows some solutions to protect your […]

Advanced page structuring with Ruby on Rails

During the past two weeks I jumped on the hype train and started to learn (and develop) with Ruby on Rails. I have to admit that I am very impressed so far. It seems to be exactly what I need. For this reason I might blog a bit about RoR in the future. However, […]