Rails intelligently maps query parameters to model state, which saves a lot of boilerplate code.
However, version 3.0 of the Rails framework was vulnerable to arbitrary mass assignment -
meaning carefully crafted HTTP requests could overwrite protected state in the data-model.
