1

In Rails, when you go to the edit action, it automatically pulls the information from the models and populates the form. If I had a CRUD that saves sensitive information, for example password or ssn, how can I filter the values so that it doesn't just show it in plaintext when editing the form?

I was going to change the value in the controller by setting it to ****, but the potential risk there is people may submit the form and it will update the SSN to ****.

I'm not referring to filtering the params so it doesn't show up in console (config.filter_parameters).

4

1 回答 1

0

将输入字段更改为 type="password" 应该可以解决您的问题。如果它们是空白的,请不要在控制器中设置字段。

如果您使用的是表单生成器,请将 text_field 更改为 password_field。

于 2013-03-23T00:40:13.830 回答