Hey guys, is there a validation that essentially acts the opposite way
of “validates_presence_of”. That is, the attribute in question must be
nil, or blank, non-existent. If not, what’s the best way to prevent a
user from altering a web form attempting to submit data to a field
that they should never have access to?
What you’re looking for is attr_accessible and/or attr_protected:
If you were to do that in validation it would render the attribute
virtually useless. You would have to bypass validation altogether in
order to set it at all. What you really want is to disallow mass
assignment of the attribute. That’s what the above methods do.