Hi, What''s your best practice about the email attribute of a registered user in your DB. I don''t want people to be able to change email. But what''s best? 1) protect the email attribute with attr_protected or attr_accessible and suffer the pain of having to do user.email = .... everywhere in your code and tests 2) Keep email accessible, but write a custom update_attributes that filters the email attribute? -- Posted via http://www.ruby-forum.com/.
Maybe Matching Threads
- User.protected_attributes returning empty Set instead of nil -- causing activerecord/lib/base:2307 to raise
- protect_from_forgery doesnt protect from forgery
- WARNING: Can't mass-assign these protected attributes: active
- Testing attr_accessible (and/or attr_protected)
- attr_accessible on some properties + attr_protected on others makes class 'open-by-default'