Rails - Dec 2005 - Cleansing form value Hash's

So I''m looking for a nice simple way of doing this.

When I have form field names in the format of record[attr1] record[attr2] etc so
that I can just call .update_attributes(params[:record]) I run into the problem
of a malicious user being able to submit an extra form value with the name of a
foreign_key column.

Is there a simple way I can clean a hash of all association ids?  I''d
be fine
with writing my own method I''m just not sure of a way to get a list of
association id''s for any given AR object.

Any help is appreciated.

- steve

steve dp wrote:
> So I''m looking for a nice simple way of doing this.
> 
> When I have form field names in the format of record[attr1] record[attr2]
etc so
> that I can just call .update_attributes(params[:record]) I run into the
problem
> of a malicious user being able to submit an extra form value with the name
of a
> foreign_key column.
> 
> Is there a simple way I can clean a hash of all association ids? 
I''d be fine
> with writing my own method I''m just not sure of a way to get a
list of
> association id''s for any given AR object.
Is attr_protected what you want?
     http://api.rubyonrails.com/classes/ActiveRecord/Base.html#M000704

-- 
We develop, watch us RoR, in numbers too big to ignore.