Rails intelligently maps query parameters to model
state, which saves a lot of boilerplate code. However, version 3.0 of
the Rails framework was vulnerable to arbitrary mass assignment,
meaning carefully crafted HTTP requests could overwrite protected state
in the data model.
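
The following added example (not Rails source code and not from the original page) models the problem in plain Ruby so it runs without Rails: one method copies every submitted parameter onto the object, the other writes only keys on an explicit allow-list. The `Account` class, its method names, and the sample parameters are assumptions made for illustration.

```ruby
# Plain-Ruby stand-in for a Rails model; class and method names are
# hypothetical and are not Rails APIs.
class Account
  ATTRIBUTES = %i[name email admin].freeze
  attr_accessor(*ATTRIBUTES)

  def initialize
    @admin = false # protected state: never meant to be set from a form
  end

  # Vulnerable pattern: every submitted key that matches a setter is written.
  def assign_all(params)
    params.each do |key, value|
      setter = "#{key}="
      public_send(setter, value) if respond_to?(setter)
    end
    self
  end

  # Hardened pattern: only allow-listed keys are written. Rejected keys are
  # returned so the caller can log them as a possible tampering signal.
  def assign_permitted(params, permitted)
    allowed = permitted.map(&:to_s)
    rejected = []
    params.each do |key, value|
      if allowed.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed sample: parsed parameters of a profile-update request that
# carries one key the form never offered.
SAMPLE_PARAMS = { "name" => "Mallory", "email" => "m@example.test", "admin" => "true" }.freeze

# Unfiltered assignment: the protected flag takes the submitted value.
def demo_unfiltered
  Account.new.assign_all(SAMPLE_PARAMS).admin
end

# Allow-listed assignment: the flag keeps its default and the key is reported.
def demo_allow_list
  account = Account.new
  rejected = account.assign_permitted(SAMPLE_PARAMS, %i[name email])
  [account.admin, rejected]
end
```

In Rails itself the allow-list is declared with `attr_accessible` on the model (Rails 3) or with strong parameters' `permit` in the controller (Rails 4 and later).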