Ruby on Rails Tuesday, October 29, 2013

Jordon,


On 2013-10-28 23:41, Jordon Bedwell wrote:
> Apparently my laptop's touchpad was on so let me reword it:
>
> In Ruby a blank string is not a null bit so if you set :default => ""
> it will allow blank strings, which is what you consider a null string
> even though there is no such thing. Which means if you want :default
> => "" you need to have your model validate with :allow_blank => false,
> or you need to ALLOW_NULL 0 and remove the :default => "".
>
> The preferable solution from both a security and proper application
> standpoint is to tell both the model and the db that it doesn't want
> null or blank strings because it's faster to have the model do blank?
> than it is to hit the db and have it return an error and complete a
> cycle (short-circuiting is a good thing.) The db protection is simply
> to protect yourself against manual entries and edge cases in the
> application.


Right - I should have realised that what I was looking at was the DB
stuff - I have found:

.gem/ruby/bundler/gems/devise-4e2cdc2d5b81/lib/devise/models/validatable.rb

and it seems to have some stuff in it that is relevant - I will check
that out.

Thanks,

Phil.
--
Philip Rhoades

GPO Box 3411
Sydney NSW 2001
Australia
E-mail: phil@pricom.com.au.
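
The two layers discussed in this thread, as an added example that is not part of the original messages and is not Rails or Devise code: a plain-Ruby simulation in which `SimColumn`, `blank_value?`, `save_email`, `run_samples` and the sample inputs are all hypothetical. It shows that a NOT NULL column with a `""` default still stores blank strings unless a model-level blank check rejects them first, and that the check also avoids the failed database round trip.

```ruby
# Plain-Ruby simulation (constructed; not Rails or Devise code).
# SimColumn mimics a column declared NOT NULL with DEFAULT "".
class SimColumn
  attr_reader :writes, :rejected

  def initialize(default: "")
    @default = default
    @writes = []    # values the simulated db accepted
    @rejected = 0   # round trips that ended in a db error
  end

  # attrs is a Hash; a missing :email key means the column was omitted.
  def insert(attrs)
    value = attrs.key?(:email) ? attrs[:email] : @default
    if value.nil?
      @rejected += 1
      raise ArgumentError, "NOT NULL constraint failed: email"
    end
    @writes << value
    value
  end
end

# Approximates ActiveSupport's blank? for nil and strings:
# nil, "" and whitespace-only strings all count as blank.
def blank_value?(value)
  value.nil? || value.to_s.strip.empty?
end

# Model-layer check that short-circuits before the db is touched.
# Returns [:saved, value], [:invalid, message] or [:db_error, message].
def save_email(column, attrs, validate: true)
  if validate && blank_value?(attrs[:email])
    return [:invalid, "email can't be blank"]
  end
  [:saved, column.insert(attrs)]
rescue ArgumentError => e
  [:db_error, e.message]
end

# Constructed sample inputs: omitted, nil, empty, whitespace, real value.
SAMPLES = [{}, { email: nil }, { email: "" }, { email: "   " },
           { email: "user@example.org" }].freeze

def run_samples(validate:)
  column = SimColumn.new
  results = SAMPLES.map { |a| save_email(column, a, validate: validate).first }
  { results: results, stored: column.writes, db_errors: column.rejected }
end
```

With `validate: false` the simulated column ends up holding two empty strings and a whitespace-only string; with `validate: true` only the real address is stored and the database is never asked to reject anything.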
