
Rails form protection questions, hidden field

Developer https://www.devze.com 2022-12-25 06:15 Source: Internet

I have a live rails website and I want to have a form with a lot of fields on it. I have set up validations and allowed formatting for every field. I've tested it quite a bit and it seems to catch anything I throw at it. I think it's almost ready to go live, but I want to quadruple check if there's anything else I should do to protect it. My site has a low volume of visitors, but I want it to be as safe as possible. I'd like to avoid using a captcha if I can. I've read that you can use a hidden field to protect forms against bots. Do people recommend this instead of using a captcha, or even using it with a captcha?

My form is really standard:

<% form_for(@entry) do |f| %>
  ...
  <%= f.submit 'Create' %>
<% end %>

Any suggestions or code samples would be greatly appreciated.


You should whitelist a list of attributes that the user is allowed to edit in your model using attr_accessible.
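
As an added example (not part of the original posts and not Rails' own code): a plain-Ruby sketch of the hidden-field check the question asks about, combined with the attribute whitelisting the answer above recommends. The field name `website`, the permitted list and `screen_submission` are assumptions made for illustration.

```ruby
# Plain-Ruby sketch (no Rails required) of two server-side checks on a form post.
# HONEYPOT_FIELD, PERMITTED_FIELDS and screen_submission are hypothetical names.

HONEYPOT_FIELD   = "website".freeze            # hidden input a human never fills in
PERMITTED_FIELDS = %w[title body email].freeze # the only attributes a visitor may set

# Returns [:rejected, reason] or [:accepted, filtered_attributes].
def screen_submission(params)
  entry = params.fetch("entry", {})
  return [:rejected, :malformed] unless entry.is_a?(Hash)

  # 1. Honeypot: the field is hidden with CSS, so a non-blank value suggests
  #    an automated client that filled in every input it found.
  trap_value = entry[HONEYPOT_FIELD]
  return [:rejected, :honeypot] unless trap_value.nil? || trap_value.to_s.strip.empty?

  # 2. Whitelist: keep only permitted keys, so extra posted fields such as
  #    "admin" never reach the model (the effect attr_accessible aims for).
  filtered = entry.select { |key, _| PERMITTED_FIELDS.include?(key.to_s) }
  [:accepted, filtered]
end

# Constructed sample submissions.
HUMAN_POST = { "entry" => { "title" => "Hi", "body" => "Text",
                            "email" => "a@example.com", "website" => "" } }.freeze
BOT_POST = { "entry" => { "title" => "Buy", "body" => "spam",
                          "email" => "x@example.com",
                          "website" => "http://spam.example" } }.freeze
EXTRA_FIELD_POST = { "entry" => { "title" => "Hi", "body" => "Text",
                                  "admin" => "1", "user_id" => "7" } }.freeze

if __FILE__ == $PROGRAM_NAME
  [HUMAN_POST, BOT_POST, EXTRA_FIELD_POST].each do |post|
    p screen_submission(post)
  end
end
```

A honeypot only filters unsophisticated bots that fill in every field, so it complements the server-side validations rather than replacing them.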


Write tests/specs for your models/controllers/views?
