Protect foreign keys from mass assignment

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the security category.

Last Updated: 2024-04-17

The most important non-obvious fields to prevent from being mass-assigned in user-facing forms are those pertaining to foreign keys (e.g. user_id in project_s). This is because changes in foreign keys references can bubble into being changes in access control and information privacy.

Get Episode Alerts and Freebies

We publish a video once every week, on Sundays. Every 2nd video is completely free to watch.

If you'd like, we can remind you via email when a new episode is released. We'll also keep you up to date about the top-secret game we're developing for learning programming.

Impressum
RSS
Privacy Policy

Semicolon & Sons