Railscasts.com episode #26 - Hackers love mass assignment
Screencast on the benefits of using attr_accessible and attr_protected in your ActiveRecord models. If a model allows mass assignment and you use neither of them, there are security risks.