Revision #13 has been created by Gismo on Nov 29, 2012, 12:24:29 PM with the memo:
edit russian version anchor
Understanding "Safe" Validation Rules
Forms, Validation, Safe, Massive Assignment, understanding
[...]Yii takes the conservative approach that attributes are assumed to be unsafe unless the developer explicitly makes them so (a "default deny" paradigm), rather than the easier but more dangerous "default allow".
It's wise to review the rules in your model from time to time to ensure that you're not allowing things you should not (especially when scenarios are in play). It's not uncommon to wildly mark things as safe during a bout of validation problems without realizing that this actually reduces the security of the application.
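The kind of review described above can be done by listing which attributes each scenario treats as safe. The following is an added example, not code from the original article; it assumes Yii 1.1 is already bootstrapped, and the class names, attributes and the `adminEdit` scenario are hypothetical.

```php
<?php
// Added example; assumes Yii 1.1 (CFormModel) is already bootstrapped.
// Class names, attributes and the 'adminEdit' scenario are hypothetical.

class LooseUserForm extends CFormModel
{
    public $username, $email, $is_admin;

    public function rules()
    {
        return array(
            array('username, email', 'required'),
            array('email', 'email'),
            // Added to silence a validation problem: with no 'on', this makes
            // is_admin mass-assignable in every scenario.
            array('is_admin', 'safe'),
        );
    }
}

class StrictUserForm extends CFormModel
{
    public $username, $email, $is_admin;

    public function rules()
    {
        return array(
            array('username, email', 'required'),
            array('email', 'email'),
            // is_admin is only assignable from input in the admin scenario.
            array('is_admin', 'boolean', 'on' => 'adminEdit'),
        );
    }
}

// Constructed request data that includes a field the registration form does not offer.
$input = array('username' => 'alice', 'email' => 'alice@example.com', 'is_admin' => 1);

foreach (array('LooseUserForm', 'StrictUserForm') as $class) {
    foreach (array('register', 'adminEdit') as $scenario) {
        $model = new $class($scenario);
        $model->attributes = $input;   // massive assignment: safe attributes only
        printf("%-14s %-9s safe=[%s] is_admin=%s\n", $class, $scenario,
            implode(',', $model->getSafeAttributeNames()),
            var_export($model->is_admin, true));
    }
}
```

Any attribute that shows up as safe in a scenario where users should not control it is a rule to tighten with an `on` restriction.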
Russian Version: [
The PHP Times