diff --git a/store-after/Gemfile b/store-after/Gemfile
index 17943fb..4dc433b 100644
--- a/store-after/Gemfile
+++ b/store-after/Gemfile
@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
-gem 'rails', '3.2.11'
+gem 'rails', '~> 4.2.0'
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'
@@ -11,8 +11,8 @@ gem 'sqlite3'
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
- gem 'sass-rails', '~> 3.2.3'
- gem 'coffee-rails', '~> 3.2.1'
+ gem 'sass-rails'
+ gem 'coffee-rails'
 # See https://github.com/sstephenson/execjs#readme for more supported runtimes
 # gem 'therubyracer', :platforms => :ruby
diff --git a/store-after/Gemfile.lock b/store-after/Gemfile.lock
index 6bd1398..b8e6bfc 100644
--- a/store-after/Gemfile.lock
+++ b/store-after/Gemfile.lock
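Review bot: The `group :assets do` block that still wraps `sass-rails` and `coffee-rails` in the second hunk is not loaded by a Rails 4 application: Rails 4 generates `Bundler.require(*Rails.groups)` in config/application.rb, and `Rails.groups` no longer includes `:assets`, so these gems would be missing in production unless the Bundler.require line was kept in its Rails 3 form (that line is not in the visible application.rb hunk, so confirm). The Rails 4 upgrade path moves them to the top level; I would drop `group :assets do` / `end` and leave plain `gem 'sass-rails'` and `gem 'coffee-rails'` lines. With the version constraints removed, only Gemfile.lock pins them (sass-rails 5.0.3, coffee-rails 4.1.0 in this commit); a pessimistic constraint such as `gem 'sass-rails', '~> 5.0'` would keep a later `bundle update` from jumping a major version untested with this app.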
@@ -1,112 +1,132 @@ GEM remote: https://rubygems.org/ specs: - actionmailer (3.2.11) - actionpack (= 3.2.11) - mail (~> 2.4.4) - actionpack (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - builder (~> 3.0.0) + actionmailer (4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 1.0, >= 1.0.5) + actionpack (4.2.1) + actionview (= 4.2.1) + activesupport (= 4.2.1) + rack (~> 1.6) + rack-test (~> 0.6.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + actionview (4.2.1) + activesupport (= 4.2.1) + builder (~> 3.1) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.0) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.11) - activesupport (= 3.2.11) - builder (~> 3.0.0) - activerecord (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.11) - activemodel (= 3.2.11) - activesupport (= 3.2.11) - activesupport (3.2.11) - i18n (~> 0.6) - multi_json (~> 1.0) - arel (3.0.2) - builder (3.0.4) - coffee-rails (3.2.2) + rails-dom-testing (~> 1.0, >= 1.0.5) + rails-html-sanitizer (~> 1.0, >= 1.0.1) + activejob (4.2.1) + activesupport (= 4.2.1) + globalid (>= 0.3.0) + activemodel (4.2.1) + activesupport (= 4.2.1) + builder (~> 3.1) + activerecord (4.2.1) + activemodel (= 4.2.1) + activesupport (= 4.2.1) + arel (~> 6.0) + activesupport (4.2.1) + i18n (~> 0.7) + json (~> 1.7, >= 1.7.7) + minitest (~> 5.1) + thread_safe (~> 0.3, >= 0.3.4) + tzinfo (~> 1.1) + arel (6.0.0) + builder (3.2.2) + coffee-rails (4.1.0) coffee-script (>= 2.2.0) - railties (~> 3.2.0) - coffee-script (2.2.0) + railties (>= 4.0.0, < 5.0) + coffee-script (2.3.0) coffee-script-source execjs - coffee-script-source (1.4.0) + coffee-script-source (1.9.1) erubis (2.7.0) - execjs (1.4.0) - multi_json (~> 1.0) - hike (1.2.1) - i18n (0.6.1) - journey (1.0.4) - jquery-rails (2.2.0) - railties (>= 3.0, 
< 5.0) + execjs (2.4.0) + globalid (0.3.3) + activesupport (>= 4.1.0) + hike (1.2.3) + i18n (0.7.0) + jquery-rails (4.0.3) + rails-dom-testing (~> 1.0) + railties (>= 4.2.0) thor (>= 0.14, < 2.0) - json (1.7.6) - mail (2.4.4) - i18n (>= 0.4.0) - mime-types (~> 1.16) - treetop (~> 1.4.8) - mime-types (1.19) - multi_json (1.5.0) - polyglot (0.3.3) - rack (1.4.4) - rack-cache (1.2) - rack (>= 0.4) - rack-ssl (1.3.2) - rack - rack-test (0.6.2) + json (1.8.2) + loofah (2.0.1) + nokogiri (>= 1.5.9) + mail (2.6.3) + mime-types (>= 1.16, < 3) + mime-types (2.4.3) + mini_portile (0.6.2) + minitest (5.5.1) + multi_json (1.11.0) + nokogiri (1.6.6.2) + mini_portile (~> 0.6.0) + rack (1.6.0) + rack-test (0.6.3) rack (>= 1.0) - rails (3.2.11) - actionmailer (= 3.2.11) - actionpack (= 3.2.11) - activerecord (= 3.2.11) - activeresource (= 3.2.11) - activesupport (= 3.2.11) - bundler (~> 1.0) - railties (= 3.2.11) - railties (3.2.11) - actionpack (= 3.2.11) - activesupport (= 3.2.11) - rack-ssl (~> 1.3.2) + rails (4.2.1) + actionmailer (= 4.2.1) + actionpack (= 4.2.1) + actionview (= 4.2.1) + activejob (= 4.2.1) + activemodel (= 4.2.1) + activerecord (= 4.2.1) + activesupport (= 4.2.1) + bundler (>= 1.3.0, < 2.0) + railties (= 4.2.1) + sprockets-rails + rails-deprecated_sanitizer (1.0.3) + activesupport (>= 4.2.0.alpha) + rails-dom-testing (1.0.6) + activesupport (>= 4.2.0.beta, < 5.0) + nokogiri (~> 1.6.0) + rails-deprecated_sanitizer (>= 1.0.1) + rails-html-sanitizer (1.0.2) + loofah (~> 2.0) + railties (4.2.1) + actionpack (= 4.2.1) + activesupport (= 4.2.1) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.0.3) - rdoc (3.12) - json (~> 1.4) - sass (3.2.5) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - sprockets (2.2.2) + thor (>= 0.18.1, < 2.0) + rake (10.4.2) + sass (3.4.13) + sass-rails (5.0.3) + railties (>= 4.0.0, < 5.0) + sass (~> 3.1) + sprockets (>= 2.8, < 4.0) + sprockets-rails (>= 2.0, < 4.0) + tilt (~> 1.1) + 
sprockets (2.12.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.7) - thor (0.17.0) - tilt (1.3.3) - treetop (1.4.12) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.35) - uglifier (1.3.0) + sprockets-rails (2.2.4) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (>= 2.8, < 4.0) + sqlite3 (1.3.10) + thor (0.19.1) + thread_safe (0.3.5) + tilt (1.4.1) + tzinfo (1.2.2) + thread_safe (~> 0.1) + uglifier (2.7.1) execjs (>= 0.3.0) - multi_json (~> 1.0, >= 1.0.2) + json (>= 1.8.0) PLATFORMS ruby DEPENDENCIES - coffee-rails (~> 3.2.1) + coffee-rails jquery-rails - rails (= 3.2.11) - sass-rails (~> 3.2.3) + rails (~> 4.2.0) + sass-rails sqlite3 uglifier (>= 1.0.3) diff --git a/store-after/app/controllers/product_types_controller.rb b/store-after/app/controllers/product_types_controller.rb index 723d378..bcc2760 100644 --- a/store-after/app/controllers/product_types_controller.rb +++ b/store-after/app/controllers/product_types_controller.rb @@ -40,7 +40,7 @@ def edit # POST /product_types # POST /product_types.json def create - @product_type = ProductType.new(params[:product_type]) + @product_type = ProductType.new(product_type_params) respond_to do |format| if @product_type.save @@ -59,7 +59,7 @@ def update @product_type = ProductType.find(params[:id]) respond_to do |format| - if @product_type.update_attributes(params[:product_type]) + if @product_type.update_attributes(product_type_params) format.html { redirect_to @product_type, notice: 'Product type was successfully updated.' } format.json { head :no_content } else @@ -80,4 +80,9 @@ def destroy format.json { head :no_content } end end + + def product_type_params + params.require(:product_type).permit( + :name, fields_attributes: [ :field_type, :name, :required ] ) + end end diff --git a/store-after/app/controllers/products_controller.rb b/store-after/app/controllers/products_controller.rb index fd02418..5f67d37 100644 
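Review bot: `product_type_params` is added after `destroy` with no `private` marker, so it becomes a public controller method; products_controller.rb in this same commit inserts a `private` line before `product_params`, and this file should do the same. The nested `fields_attributes` list also permits only `:field_type, :name, :required`, while product_type.rb in this commit keeps `accepts_nested_attributes_for :fields, allow_destroy: true`, which relies on `id` and `_destroy` keys arriving in the nested hashes — without them an update of an existing product type builds new ProductField rows instead of updating the existing ones, and any destroy flag is silently discarded. I would change the permit call to `:name, fields_attributes: [ :id, :field_type, :name, :required, :_destroy ] )` and precede the method with `private`. The controller class opens outside this hunk; only its closing `end` is shown.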
--- a/store-after/app/controllers/products_controller.rb
+++ b/store-after/app/controllers/products_controller.rb
@@ -16,7 +16,7 @@ def edit
 end
 def create
- @product = Product.new(params[:product])
+ @product = Product.new(product_params)
 if @product.save
 redirect_to @product, notice: 'Product was successfully created.'
 else
@@ -26,7 +26,7 @@ def create
 def update
 @product = Product.find(params[:id])
- if @product.update_attributes(params[:product])
+ if @product.update_attributes(product_params)
 redirect_to @product, notice: 'Product was successfully updated.'
 else
 render action: "edit"
@@ -38,4 +38,11 @@ def destroy
 @product.destroy
 redirect_to products_url
 end
+
+ private
+
+ def product_params
+ params.require(:product).permit(:name, :price, :product_type_id,
+ :properties)
+ end
 end
diff --git a/store-after/app/models/product.rb b/store-after/app/models/product.rb
index c82335d..37003d4 100644
--- a/store-after/app/models/product.rb
+++ b/store-after/app/models/product.rb
@@ -1,10 +1,9 @@
 class Product < ActiveRecord::Base
- attr_accessible :name, :price, :product_type_id, :properties
 belongs_to :product_type
 serialize :properties, Hash
-
+
 validate :validate_properties
-
+
 def validate_properties
 product_type.fields.each do |field|
 if field.required? && properties[field.name].blank?
diff --git a/store-after/app/models/product_field.rb b/store-after/app/models/product_field.rb
index a8a436b..e6ea9df 100644
--- a/store-after/app/models/product_field.rb
+++ b/store-after/app/models/product_field.rb
@@ -1,4 +1,3 @@
 class ProductField < ActiveRecord::Base
 belongs_to :product_type
- attr_accessible :field_type, :name, :required
 end
diff --git a/store-after/app/models/product_type.rb b/store-after/app/models/product_type.rb
index a065ebb..c517f34 100644
--- a/store-after/app/models/product_type.rb
+++ b/store-after/app/models/product_type.rb
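Review bot: `permit(:name, :price, :product_type_id, :properties)` allows `properties` only as a scalar value, but product.rb in this same commit declares `serialize :properties, Hash` and `validate_properties` indexes it by field name, so a form that submits properties as a nested hash will have the whole key filtered out as unpermitted; the product is then saved with no properties, or rejected by the required-field validation, with nothing in the logs by default. Rails 4.2 cannot permit an arbitrary-keyed hash, but the keys here are known — the field names of the selected product type — so they can be computed and passed to `permit`, as sketched below. Setting `config.action_controller.action_on_unpermitted_parameters = :raise` (or `:log`) in development and test makes this kind of silently dropped key visible during development rather than in production. The controller class opens outside this hunk.
```ruby
private

# Strong-parameter list for Product. The serialized `properties` hash is
# permitted key-by-key using the selected product type's field names,
# because a bare :properties entry only admits scalar values.
def product_params
  type = ProductType.find_by(id: params.require(:product)[:product_type_id])
  property_keys = type ? type.fields.map(&:name) : []
  params.require(:product).permit(:name, :price, :product_type_id,
                                  properties: property_keys)
end
```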
@@ -1,5 +1,4 @@
 class ProductType < ActiveRecord::Base
- attr_accessible :name, :fields_attributes
 has_many :fields, class_name: "ProductField"
 accepts_nested_attributes_for :fields, allow_destroy: true
 end
diff --git a/store-after/config/application.rb b/store-after/config/application.rb
index e4dc700..9408056 100644
--- a/store-after/config/application.rb
+++ b/store-after/config/application.rb
@@ -47,12 +47,6 @@ class Application < Rails::Application
 # like if you have constraints or database-specific column types
 # config.active_record.schema_format = :sql
- # Enforce whitelist mode for mass assignment.
- # This will create an empty whitelist of attributes available for mass-assignment for all models
- # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
- # parameters by using an attr_accessible or attr_protected declaration.
- config.active_record.whitelist_attributes = true
-
 # Enable the asset pipeline
 config.assets.enabled = true
diff --git a/store-after/config/environments/development.rb b/store-after/config/environments/development.rb
index 2497828..9f186e5 100644
--- a/store-after/config/environments/development.rb
+++ b/store-after/config/environments/development.rb
@@ -22,13 +22,6 @@
 # Only use best-standards-support built into browsers
 config.action_dispatch.best_standards_support = :builtin
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
- # Log the query plan for queries taking more than this (works
- # with SQLite, MySQL, and PostgreSQL)
- config.active_record.auto_explain_threshold_in_seconds = 0.5
-
 # Do not compress assets
 config.assets.compress = false
diff --git a/store-after/config/environments/test.rb b/store-after/config/environments/test.rb
index ef6ec5a..ac27448 100644
--- a/store-after/config/environments/test.rb
+++ b/store-after/config/environments/test.rb
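Review bot: Removing `config.active_record.mass_assignment_sanitizer = :strict` from development.rb (and from test.rb in the following hunk) drops the fail-loud mode without adding its Rails 4 counterpart: under strong parameters a key absent from a `permit` list is silently discarded unless `config.action_controller.action_on_unpermitted_parameters = :raise` is set, so the `:properties` and nested-attribute gaps in this commit's controllers would go unnoticed in development and test. I would put that line where the removed sanitizer line stood in both environment files (`:log` is the lower-impact option for an existing app). The application.rb hunk removes `whitelist_attributes` with no replacement, which is right for 4.2 given that the models in this commit no longer carry `attr_accessible`; it does mean the controllers' permit lists are now the only mass-assignment boundary, so keeping them exact matters.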
@@ -29,9 +29,6 @@
 # ActionMailer::Base.deliveries array.
 config.action_mailer.delivery_method = :test
- # Raise exception on mass assignment protection for Active Record models
- config.active_record.mass_assignment_sanitizer = :strict
-
 # Print deprecation notices to the stderr
 config.active_support.deprecation = :stderr
 end
diff --git a/store-after/db/schema.rb b/store-after/db/schema.rb
index 0a7832a..b3a39f3 100644
--- a/store-after/db/schema.rb
+++ b/store-after/db/schema.rb
@@ -9,32 +9,32 @@ # from scratch. The latter is a flawed and unsustainable approach (the more migrations # you'll amass, the slower it'll run and the greater likelihood for issues). # -# It's strongly recommended to check this file into your version control system. +# It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(:version => 20130128062538) do +ActiveRecord::Schema.define(version: 20130128062538) do - create_table "product_fields", :force => true do |t| + create_table "product_fields", force: :cascade do |t| t.string "name" t.string "field_type" t.boolean "required" t.integer "product_type_id" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - add_index "product_fields", ["product_type_id"], :name => "index_product_fields_on_product_type_id" + add_index "product_fields", ["product_type_id"], name: "index_product_fields_on_product_type_id" - create_table "product_types", :force => true do |t| + create_table "product_types", force: :cascade do |t| t.string "name" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" end - create_table "products", :force => true do |t| + create_table "products", force: :cascade do |t| t.string "name" t.decimal "price" - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false + t.datetime "created_at" + t.datetime "updated_at" t.integer "product_type_id" t.text "properties" end