No commit activity in last 3 years
No release in over 3 years
Strong parameter integration between rails and mongoid
 Dependencies

Runtime

< 7, >= 4.0
 Project Readme

mongoid-rails is the safest way to use MongoDB with Rails 3 or 4.

Installation

Add mongoid-rails to your Gemfile.

gem 'mongoid-rails'

Then run bundle install.

What does it do?

mongoid-rails provides protection against hash-injection attacks in Mongoid.

Forbidden attributes protection

This causes things like User.create(settings: params[:settings]) to raise an exception. If you want to create a user from parameters, you need to explicitly permit the fields that you want to allow.

User.create(settings: params[:settings].permit(:favorite_color))

This prevents an attacker from sneakily setting params[:settings][:admin] = true or similar.

Forbidden query protection

This protects you against query injection attacks. It makes the following code safe:

User.where(api_token: params[:api_token])

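Without mongoid-rails, an attacker can send ?api_token[$gt]= to guess API tokens from your app: Rails parses that parameter into a hash, which Mongoid interprets as a $gt query operator rather than a literal value. With mongoid-rails, that request causes an exception to be raised.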
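
Why the operator hash matches and how a scalar check stops it, as an added example that is not mongoid-rails code or taken from its README. `matches?` is a simplified stand-in for MongoDB selector evaluation, and `ForbiddenQuery`, `scalar!`, `find_user` and the sample users are hypothetical names and constructed data.

```ruby
# Added example (not mongoid-rails code). Stdlib only; no Rails or MongoDB needed.
# ForbiddenQuery, matches?, scalar! and find_user are hypothetical names.

class ForbiddenQuery < StandardError; end

# Constructed sample data standing in for a users collection.
USERS = [
  { "name" => "alice", "api_token" => "9f2c1e" },
  { "name" => "bob",   "api_token" => "4b7a90" }
].freeze

# Simplified stand-in for selector evaluation: a Hash condition is read as
# query operators, anything else as an equality match.
def matches?(doc, selector)
  selector.all? do |field, cond|
    value = doc[field.to_s]
    next value == cond unless cond.is_a?(Hash)
    cond.all? do |op, arg|
      case op.to_s
      when "$gt" then !value.nil? && value > arg
      when "$ne" then value != arg
      else raise ArgumentError, "operator #{op} not modelled"
      end
    end
  end
end

# Guard: a value taken from request parameters must be a scalar before it
# is placed in a selector. Hashes and arrays are rejected.
def scalar!(value)
  case value
  when String, Numeric, true, false, nil then value
  else raise ForbiddenQuery, "non-scalar query value: #{value.class}"
  end
end

# Token lookup, with or without the guard applied to the parameter.
def find_user(params, guarded:)
  token = params["api_token"]
  token = scalar!(token) if guarded
  USERS.find { |u| matches?(u, "api_token" => token) }
end

# What a Rails-style parameter parser yields for ?api_token[$gt]= (constructed).
INJECTED = { "api_token" => { "$gt" => "" } }.freeze
# An ordinary request carrying a literal token (constructed).
HONEST   = { "api_token" => "4b7a90" }.freeze
```

The unguarded lookup with `INJECTED` returns the first user without knowing any token, while the guarded lookup raises `ForbiddenQuery` and still serves `HONEST` normally.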

Meta

mongoid-rails is released under the MIT license. See LICENCE.MIT for details.