I have this in my :show
action of users_controller
.
def show
@user = User.find(params[:id])
end
But there are some columns in the users table that I wouldn't want accessed from the @user
instance variable.
There is the encrypted_password
column and the salt
column. What can i do on the model or the controller to ensure that @user
has no password
or salt
values.
I want when I do @user.password
or @user.salt
, it returns nil
or something that can't compromise a user's security.