diff --git a/app/controllers/configurations_controller.rb b/app/controllers/configurations_controller.rb
--- a/app/controllers/configurations_controller.rb
+++ b/app/controllers/configurations_controller.rb
@@ -19,7 +19,7 @@
     @config = GraderConfiguration.find(params[:id])
     User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
     respond_to do |format|
-      if @config.update_attributes(params[:grader_configuration])
+      if @config.update_attributes(configuration_params)
         format.json { head :ok }
       else
         format.json { respond_with_bip(@config) }
@@ -27,4 +27,9 @@
     end
   end
 
+private
+  def configuration_params
+    params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
+  end
+
 end