
Rails: How to use Strong_Params on CERTAIN models only


I haven't switched to Rails 4 yet & have been looking into strong_params. I'm liking what I'm seeing & would like to use it on 1 model only. Seems simple but I'm supposed to comment out 'config.active_record.whitelist_attributes = true' in my config > application.rb file.

How do I safely (security wise) use strong_params in certain models only?


Solution

  • I suggest this approach: you leave strong params enabled by default, and you disable it specifically for the controllers that don't need it. (Yes, strong params is in controllers now with Rails 4, not in models anymore.)

    To disable it for a specific controller you can use params.require(:model_name).permit!

    That will allow any params for that specific controller.

    Example

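    class UnsafeController < ApplicationController

      # ...

      def update
        # ...
        @unsafe.update unsafe_params
        # ...
      end

      private

      # permit! marks every submitted key under :unsafe as permitted,
      # so no attribute filtering happens in this controller.
      def unsafe_params
        params.require(:unsafe).permit!
      end

    end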
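
An added example, not part of the original answer and not Rails code: a simplified pure-Ruby stand-in for strong parameters, showing what `permit!` lets through compared with an explicit `permit` list. `DemoParams`, `DemoUser` and the `admin` attribute are hypothetical names chosen for illustration.

```ruby
# Simplified stand-in for ActionController::Parameters, constructed for this
# example (not Rails' implementation). Only flat, top-level keys are modelled.
class DemoParams
  def initialize(hash, permitted = false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  # Allowlist: keep only the named keys and mark the result safe to assign.
  def permit(*keys)
    DemoParams.new(@hash.slice(*keys.map(&:to_s)), true)
  end

  # Blanket permit: every submitted key is marked safe to assign.
  def permit!
    DemoParams.new(@hash, true)
  end

  # Stand-in for Rails raising ActiveModel::ForbiddenAttributesError.
  def to_h
    raise ArgumentError, "unpermitted parameters" unless @permitted
    @hash.dup
  end
end

# Hypothetical model with one attribute users must not set for themselves.
class DemoUser
  def initialize
    @attrs = { "name" => "alice", "admin" => false }
  end

  # Mass-assigns the given parameters and returns the resulting attributes.
  def update(params)
    @attrs.merge!(params.to_h)
  end
end

# Constructed request body: the form offers "name"; the client added "admin".
def submitted
  DemoParams.new({ "name" => "mallory", "admin" => true })
end

def update_with_allowlist
  DemoUser.new.update(submitted.permit(:name))
end

def update_with_permit_bang
  DemoUser.new.update(submitted.permit!)
end
```

With the allowlist the extra `admin` key is dropped before assignment; with `permit!` it reaches the model unchanged, so `permit!` only fits controllers where every attribute of the model is meant to be client-writable.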