Question regarding docs / security: "This is not an issue with mass assignment."

I have a question regarding the security documentation page: https://filamentphp.com/docs/3.x/panels/resources/security
While attributes may be visible in JavaScript, only those with a form field are actually editable by the user. This is not an issue with mass assignment.
I understand the first part (all attributes are visible, but cannot be modified by malicious users). But what does "This is not an issue with mass assignment." mean in this context? If attributes are mass assignable, they can be changed even if there are no form fields for them? (I am not a native speaker)
3 Replies
lukasinko (2mo ago)
I would like to understand that sentence as well.
Dennis Koch (2mo ago)
I think it just adds to the first one. Filament uses mass assignment per default and this might feel unsafe. But only values with a field will be updated at all.
lukasinko (2mo ago)
Thank you @Dennis Koch for the clarification.
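
A simplified model of the behaviour described in the reply above, added here as an illustration and not part of the thread. It is plain PHP, not Filament or Laravel source; the `User` class, the `stateForFields()` helper and the sample payload are assumptions made for the example.

```php
<?php
// Simplified model only: not Filament or Laravel code.

// Stand-in for a model with mass assignment fully open (no fillable/guarded list).
final class User
{
    public array $attributes = [
        'name'     => 'Alice',
        'email'    => 'alice@example.test',
        'is_admin' => false,
    ];

    public function fill(array $data): void
    {
        foreach ($data as $key => $value) {
            $this->attributes[$key] = $value; // every submitted key is accepted
        }
    }
}

// Hypothetical helper: keep only keys that have a field in the server-side form schema.
function stateForFields(array $submitted, array $fieldNames): array
{
    return array_intersect_key($submitted, array_flip($fieldNames));
}

// Constructed sample: client-side state that was altered to include is_admin.
$submitted = ['name' => 'Bob', 'email' => 'alice@example.test', 'is_admin' => true];

// Field names defined by the form (server side). There is no field for is_admin.
$formFields = ['name', 'email'];

// Raw payload into the unguarded model: is_admin changes.
$raw = new User();
$raw->fill($submitted);

// Payload reduced to the form's fields first: is_admin keeps its stored value.
$viaForm = new User();
$viaForm->fill(stateForFields($submitted, $formFields));

var_dump($raw->attributes['is_admin'], $viaForm->attributes['is_admin']);
```

The second case is the situation the reply describes: mass assignment is in use, but the data reaching it contains only keys that have a form field.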