`attr_accessible` should only be used to protect the attributes that are NEVER modified by users
But a web app developer may not be able to know in advance what new columns might be added on the database, possibly by some other team. If I understand this right, in the absence of attr_accessible, any new columns are completely writable by the HTTP request.
So having a default-deny whitelist approach is the only sane strategy.
Trying to use `attr_accessible` to protect everything leads to enough frustration to make one eventually give up on security.
Or give up on Rails. Usually the basic security of the database is not negotiable.
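Added example, not from any commenter in this thread and not Rails code: a minimal plain-Ruby model of mass assignment that contrasts a deny list (the `attr_protected` style) with a default-deny allow list (the `attr_accessible` style). The class names, column names and the request body are constructed for illustration. The point it shows is the one argued above: when another team later adds a column the model author never listed, the deny list silently lets a request write it, while the allow list refuses it without anyone having to touch the model.

```ruby
# Constructed, Rails-free illustration of mass assignment policies.
# Class names, column names and request values are made up for this example.

class DenyListRecord
  # Columns that existed when the model was written; :role is the only one
  # the developer remembered to protect (attr_protected-style deny list).
  PROTECTED = [:role].freeze

  attr_reader :attributes

  def initialize(columns)
    @columns = columns      # columns as they exist in the database right now
    @attributes = {}
  end

  # Mass assignment from a request-shaped hash: every real column that is not
  # explicitly protected gets written, including columns added later.
  def assign_attributes(params)
    params.each do |key, value|
      key = key.to_sym
      next unless @columns.include?(key)   # keys that are not columns are dropped
      next if PROTECTED.include?(key)      # only the listed keys are refused
      @attributes[key] = value
    end
    @attributes
  end
end

class AllowListRecord
  # attr_accessible-style allow list: anything not named here is refused.
  ACCESSIBLE = [:name, :email].freeze

  attr_reader :attributes

  def initialize(columns)
    @columns = columns
    @attributes = {}
  end

  # Default deny: a key must be both a real column and explicitly allowed.
  def assign_attributes(params)
    params.each do |key, value|
      key = key.to_sym
      next unless @columns.include?(key)
      next unless ACCESSIBLE.include?(key)
      @attributes[key] = value
    end
    @attributes
  end
end

# Constructed request body: a user edits their profile and also sends a value
# for a column the model author never knew about.
REQUEST_PARAMS = {
  "name"         => "alice",
  "email"        => "alice@example.invalid",
  "role"         => "admin",
  "is_superuser" => true
}.freeze

# Simulates another team adding an :is_superuser column after the model and
# its deny list were written.
def columns_after_migration
  [:name, :email, :role, :is_superuser]
end

# Deny list: :role is blocked, but the new :is_superuser column is written.
def deny_list_result
  DenyListRecord.new(columns_after_migration).assign_attributes(REQUEST_PARAMS)
end

# Allow list: only :name and :email survive, no matter what columns appear.
def allow_list_result
  AllowListRecord.new(columns_after_migration).assign_attributes(REQUEST_PARAMS)
end

if __FILE__ == $PROGRAM_NAME
  p deny_list_result    # {:name=>"alice", :email=>"alice@example.invalid", :is_superuser=>true}
  p allow_list_result   # {:name=>"alice", :email=>"alice@example.invalid"}
end
```

Running the file prints both results; the deny-list record ends up with `is_superuser: true` set from the request, which is exactly the "any new columns are completely writable" case, while the allow-list record contains only the two fields it was told to accept.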