diff --git a/Gemfile b/Gemfile
index 1181a9a..215fb9b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,8 +6,6 @@ gem 'haml', '~> 4.0'
 gem 'bcrypt', '~> 3.0'
 gem 'rabl', '~> 0.6'
-gem 'protected_attributes', '~> 1.0'
-
 group :development, :test do
 gem 'rspec-rails', '~> 2.6'
 gem 'spork', '~> 1.0rc'
diff --git a/app/controllers/api/playlists_controller.rb b/app/controllers/api/playlists_controller.rb
index 82997a5..89d0881 100644
--- a/app/controllers/api/playlists_controller.rb
+++ b/app/controllers/api/playlists_controller.rb
@@ -7,8 +7,14 @@ module API
 end
 def create
- @playlist = current_user.playlists.build(params[:playlist].slice(:name))
+ @playlist = current_user.playlists.build(playlist_params)
 @playlist.save
 end
+
+ private
+
+ def playlist_params
+ params.require(:playlist).permit(:name)
+ end
 end
 end
diff --git a/app/controllers/playlists_controller.rb b/app/controllers/playlists_controller.rb
index 698635b..ef39ded 100644
--- a/app/controllers/playlists_controller.rb
+++ b/app/controllers/playlists_controller.rb
@@ -8,7 +8,7 @@ class PlaylistsController < ApplicationController
 end
 def create
- @playlist = current_user.playlists.build(params[:playlist])
+ @playlist = current_user.playlists.build(playlist_params)
 if @playlist.save
 redirect_to action: 'index'
 else
@@ -22,10 +22,16 @@ class PlaylistsController < ApplicationController
 def update
 @playlist = Playlist.find(params[:id])
- if @playlist.update_attributes params[:playlist]
+ if @playlist.update_attributes playlist_params
 redirect_to action: 'index'
 else
 render action: 'edit'
 end
 end
+
+ private
+
+ def playlist_params
+ params.require(:playlist).permit(:name)
+ end
 end
diff --git a/app/controllers/tracks_controller.rb b/app/controllers/tracks_controller.rb
index 00c1537..b9b3b4e 100644
--- a/app/controllers/tracks_controller.rb
+++ b/app/controllers/tracks_controller.rb
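Review bot: `create` in API::PlaylistsController discards the result of `@playlist.save`, so a playlist that fails validation appears to reach the same render as one that was stored. If the view does not already surface `@playlist.errors`, the action should branch on the result, for example `render json: @playlist.errors, status: :unprocessable_entity unless @playlist.save`. Separately, `playlist_params` is defined identically here and in app/controllers/playlists_controller.rb, so the two permit lists can drift apart; a comment on each naming the other would keep them in step.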
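Review bot: `update` in PlaylistsController still loads the record with `Playlist.find(params[:id])`, so the new `playlist_params` whitelist limits which attributes can change but not whose playlist is changed. Unless a filter outside this hunk checks ownership, a signed-in user who submits another user's playlist id can modify that record. Scoping the lookup the way `create` scopes the build closes the gap: `@playlist = current_user.playlists.find(params[:id])`, which raises ActiveRecord::RecordNotFound for playlists the user does not own. The class's filters are not visible in this hunk, so confirm that none already enforces this.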
@@ -8,11 +8,17 @@ class TracksController < ApplicationController
 end
 def create
- @track = Track.new params[:track]
+ @track = Track.new track_params
 if @track.save
 redirect_to @track
 else
 render :new
 end
 end
+
+ private
+
+ def track_params
+ params.require(:track).permit(:name, :file)
+ end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1522d6a..ce251ce 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -6,7 +6,7 @@ class UsersController < ApplicationController
 end
 def create
- @user = User.new(params[:user])
+ @user = User.new(user_params)
 if !@user.save
 render :new
 else
@@ -14,4 +14,10 @@ class UsersController < ApplicationController
 redirect_to :root
 end
 end
+
+ private
+
+ def user_params
+ params.require(:user).permit(:email, :password, :password_confirmation)
+ end
 end
diff --git a/app/models/playlist.rb b/app/models/playlist.rb
index 3f61b5d..404af23 100644
--- a/app/models/playlist.rb
+++ b/app/models/playlist.rb
@@ -1,8 +1,6 @@
 class Playlist < ActiveRecord::Base
 belongs_to :user
- attr_accessible :name
-
 validates_presence_of :user
 validates_presence_of :name
 end
diff --git a/app/models/sound.rb b/app/models/sound.rb
index 95378ef..6dfd0d6 100644
--- a/app/models/sound.rb
+++ b/app/models/sound.rb
@@ -3,8 +3,6 @@ require 'fileutils'
 class Sound < ActiveRecord::Base
 belongs_to :track
- attr_accessible :file
-
 validates_presence_of :sha256
 validates_presence_of :mime_type
diff --git a/app/models/track.rb b/app/models/track.rb
index 9e6188f..46c81dd 100644
--- a/app/models/track.rb
+++ b/app/models/track.rb
@@ -1,8 +1,6 @@
 class Track < ActiveRecord::Base
 has_many :sounds
- attr_accessible :name, :file
-
 validates_presence_of :name
 def file=(file)
diff --git a/app/models/user.rb b/app/models/user.rb
index 503506a..81b8ad2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
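Review bot: `track_params` permits `:file` as a scalar, and strong parameters accept a plain string there as well as an uploaded-file object, so `Track#file=` can be handed either. The setter's body is outside this diff (only its `def file=(file)` line appears in the app/models/track.rb hunk), so this is something to confirm rather than a known defect. A comment above `track_params` would record the expectation: `# :file is expected to be an uploaded file; Track#file= must reject any other type`.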
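Review bot: `user_params` in UsersController is now the only thing keeping `password_hash`, and any column added later, out of mass assignment, because this commit removes `attr_accessible` from app/models/user.rb; nothing in the method says so. A comment above it would record the intent: `# Only these keys reach User.new; password_hash must never be permitted here`. Code that builds a User from a plain Hash rather than from request parameters is no longer filtered at the model, so callers outside this diff are worth a search.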
@@ -4,7 +4,6 @@ class User < ActiveRecord::Base
 include BCrypt
 attr_reader :password
- attr_accessible :email, :password, :password_confirmation
 has_many :playlists
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 86588b4..c1a5ed4 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -1,28 +1,34 @@
 require 'spec_helper'
 describe UsersController do
+ let(:attributes) { FactoryGirl.attributes_for(:user) }
+
 describe 'GET new' do
 it 'assigns a new user as @user' do
 get :new
- expect(assigns[:user]).to be_a_new(User)
+ expect(assigns[:user]).to be_a_new User
 end
 end
 describe 'POST create' do
+ def do_post(params = {})
+ post :create, user: attributes.merge(params)
+ end
+
 context 'whith valid params' do
 it 'creates a new user' do
 expect {
- post :create, user: FactoryGirl.attributes_for(:user)
+ do_post
 }.to change(User, :count).by(1)
 end
 it 'signs the user in' do
- post :create, user: FactoryGirl.attributes_for(:user)
+ do_post
 expect(controller.current_user).not_to be_nil
 end
 it 'redirects to the home page' do
- post :create, user: FactoryGirl.attributes_for(:user)
+ do_post
 expect(response).to redirect_to :root
 end
 end
@@ -31,12 +37,12 @@ describe UsersController do
 before { allow_any_instance_of(User).to receive(:save) { false } }
 it 'assigns the user as @user' do
- post :create, user: {}
+ do_post
 expect(assigns[:user]).to be_a_new User
 end
 it 'renders the new template' do
- post :create, user: {}
+ do_post
 expect(response).to render_template 'new'
 end
 end
diff --git a/spec/models/playlist_spec.rb b/spec/models/playlist_spec.rb
index d3a3e17..d44ec06 100644
--- a/spec/models/playlist_spec.rb
+++ b/spec/models/playlist_spec.rb
@@ -8,5 +8,4 @@ describe Playlist do
 it { should belong_to :user }
 it { should validate_presence_of :user }
 it { should validate_presence_of :name }
- it { should_not allow_mass_assignment_of :user }
 end
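Review bot: No example in spec/controllers/users_controller_spec.rb passes an argument to the new `do_post(params = {})` helper, and the `should_not allow_mass_assignment_of` checks this commit removes from the playlist, track and user model specs have no controller-level replacement. An example that posts an unpermitted key would restore that coverage, e.g. `do_post(password_hash: 'injected')` followed by `expect(assigns[:user].password_hash).not_to eq 'injected'`. In the second hunk the 'with invalid params' examples now send valid attributes and depend entirely on the stubbed `save`. A case for a request without a `user` key, where `params.require` raises, is also missing.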
diff --git a/spec/models/track_spec.rb b/spec/models/track_spec.rb
index cc588d9..04aade9 100644
--- a/spec/models/track_spec.rb
+++ b/spec/models/track_spec.rb
@@ -8,7 +8,6 @@ describe Track do
 it { should be_valid }
 it { should have_many :sounds }
 it { should validate_presence_of :name }
- it { should_not allow_mass_assignment_of :sounds }
 context 'with a file' do
 before { track.file = file }
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 979f83f..e9381ee 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -9,7 +9,6 @@ describe User do
 it { should validate_presence_of :email }
 it { should validate_presence_of :password }
 it { should validate_presence_of :password_hash }
- it { should_not allow_mass_assignment_of :password_hash }
 context 'when a user with the same email address already exists' do
 let(:old_user) { FactoryGirl.create(:user, email: 'unique@example.net') }