Question

When using the $guarded property on Laravel models, is it best practice to always include any relation foreign keys, so they cannot be mass assigned using the $model::create($data); syntax?

E.g. I currently often do the following:

class Application extends Eloquent {

    protected $guarded = array('id','job_id','organisation_id','user_id');

    ...
}

Solution

I think it's best practice just as much as it is for the model's primary key, since the goal is to prevent attacks when passing HTTP request input data into the model without checking if it contains "illegal" keys (which is what is done most of the time with mass assignment). Even with a CSRF token and all possible precautions, it is ultimately better not to trust the HTTP request input data.
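The following is an added example, not code from the question or the answer, and not Laravel's own implementation. It uses a small stand-in class (GuardedModel, a hypothetical name) that mimics how mass assignment drops guarded keys, to contrast a model that leaves foreign keys assignable with the guarded Application model from the question. The request input and the trusted ids are constructed sample values.

```php
<?php
// Minimal stand-in for Eloquent's $guarded filtering (assumption: simplified,
// it only models the "drop guarded keys during mass assignment" behaviour).
class GuardedModel
{
    protected $guarded = array();
    public $attributes = array();

    // Mass assignment: keys listed in $guarded are silently dropped.
    public function fill(array $input)
    {
        foreach ($input as $key => $value) {
            if (!in_array($key, $this->guarded, true)) {
                $this->attributes[$key] = $value;
            }
        }
        return $this;
    }
}

// The model from the question: primary key and foreign keys guarded.
class Application extends GuardedModel
{
    protected $guarded = array('id', 'job_id', 'organisation_id', 'user_id');
}

// Hypothetical weak variant: only the primary key is guarded.
class UnguardedApplication extends GuardedModel
{
    protected $guarded = array('id');
}

// Constructed request input: the form only offers cover_letter,
// the foreign keys were added by whoever sent the request.
$input = array('cover_letter' => 'Hello', 'user_id' => 999, 'organisation_id' => 1);

// Values the server trusts (hypothetical: session user id, route-bound job id).
$authUserId = 42;
$jobId = 7;

$weak = new UnguardedApplication();
$weak->fill($input);
var_dump($weak->attributes); // request-supplied user_id and organisation_id are kept

$safe = new Application();
$safe->fill($input);                         // guarded foreign keys are dropped here
$safe->attributes['user_id'] = $authUserId;  // set explicitly from trusted state
$safe->attributes['job_id'] = $jobId;
var_dump($safe->attributes);
```

With the foreign keys guarded, ownership of the record is decided only by the explicit server-side assignments, never by keys present in the request.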

Licensed under: CC-BY-SA with attribution