I have a main form representing the model, let’s call that ‘Order’, and
a partial displaying its OrderLines.
I use the bulk update methods to initialize model objects directly from
data, leaving validation of business logic to the model. As AR likes to
write stuff before I do an explicit save, I wrap the whole update in a
This works for valid data, but how do I deal with attacks? If people can
override either primary or foreign keys, things will get really messy.
Are validations in the model sufficient to deal with this? What happens
read a row that’s just been updated, but not yet committed to the db;
probably get the new data, so comparing to existing data will have to
in the controller?
Any suggestions appreciated.
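As an added illustration (not code from the original post, and not Rails' own implementation) of the allowlist approach Rails offers through attr_accessible / attr_protected: the request may only set attributes that are explicitly enumerated, so id and foreign keys cannot be overridden no matter how the bulk update is called, and rejected keys are reported so the controller can log the attempt. The Order/OrderLine attribute names are assumed.

```ruby
# Plain-Ruby sketch of attribute allowlisting for mass assignment.
# id, customer_id and order_id are deliberately absent from the lists,
# so a client cannot re-home an order or a line via the posted hash.
class MassAssignmentFilter
  # Hypothetical attribute names for this post's Order / OrderLine models.
  ALLOWED = {
    "order"      => %w[notes order_lines_attributes],
    "order_line" => %w[product_code quantity],
  }.freeze

  # Returns [permitted_hash, rejected_keys]; unknown keys are dropped, not raised.
  def self.filter(kind, params)
    allowed   = ALLOWED.fetch(kind)
    permitted = {}
    rejected  = []
    params.each do |key, value|
      if allowed.include?(key.to_s)
        permitted[key.to_s] = value
      else
        rejected << key.to_s
      end
    end
    [permitted, rejected]
  end

  # Filters the order and each nested line, collecting every rejected key.
  def self.filter_order(params)
    order, rejected = filter("order", params)
    if order["order_lines_attributes"]
      order["order_lines_attributes"] = order["order_lines_attributes"].map do |line|
        clean, bad = filter("order_line", line)
        rejected.concat(bad.map { |k| "order_line.#{k}" })
        clean
      end
    end
    [order, rejected]
  end
end

# Constructed request: the client tries to reassign the order to another
# customer (customer_id) and to repoint a line at another order (order_id).
REQUEST = {
  "id" => 42, "customer_id" => 7, "notes" => "leave at door",
  "order_lines_attributes" => [
    { "id" => 9, "order_id" => 99, "product_code" => "SKU-1", "quantity" => 2 },
  ],
}.freeze

if __FILE__ == $0
  clean, rejected = MassAssignmentFilter.filter_order(REQUEST)
  p clean     # only notes and the sanitized line survive
  p rejected  # ["id", "customer_id", "order_line.id", "order_line.order_id"]
end
```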
Sent from the RubyOnRails Users forum at Nabble.com.