F
Filament3mo ago
optimalspieler

Question regarding docs / security: "This is not an issue with mass assignment."

I have a question regarding the security documentation page: https://filamentphp.com/docs/3.x/panels/resources/security 
While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.
While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.
I understand the first part (all attributes are visible, but cannot be modified by malicious users). But what does "This is not an issue with mass assignment." mean in this context? If attributes are mass assignable, they can be changed even if there are no form fields for them? (I am not a native speaker)
Security - Panel Builder - Filament
3 Replies
lukasinko
lukasinko2d ago
I would like to understand that sentence as well.
Dennis Koch
Dennis Koch2d ago
I think it just adds to the first one. Filament uses mass assignment per default and this might feel unsafe. But only values with a field will be updated at all.
lukasinko
lukasinko2d ago
Thank you @Dennis Koch for clarification.
Want results from more Discord servers?
Add your server