diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -52,7 +52,7 @@
 redirect_to :controller => 'main', :action => 'login'
 return
 end
- @user = User.new(params[:user])
+ @user = User.new(user_params)
 @user.password_confirmation = @user.password = User.random_password
 @user.activated = false
 if (@user.valid?) and (@user.save)
@@ -209,6 +209,10 @@
 #finally, we allow only admin
 admin_authorization
 end
-
+
+ private
+ def user_params
+ params.require(:user).permit(:login, :full_name, :email)
+ end
 end
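Review bot: `User.new(user_params)` changes the failure mode when the request carries no `user` key: `params.require(:user)` raises `ActionController::ParameterMissing`, which Rails answers with a 400, whereas `params[:user]` returned nil, built an empty record and fell through to the existing validation-failure path. That is the safer behaviour for a create action, but it is worth confirming that nothing in this controller's error handling or the form relies on the old path. The permit list deliberately leaves out `password` and `activated`, which the next two lines set server-side; a one-line comment at the call site would make that intent visible, e.g. `# mass-assignment whitelist; password and activated are set below, never from the request`. The enclosing action starts before the hunk and continues after it, and if any other action in this controller still passes `params[:user]` to the model it should move to `user_params` as well.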
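Review bot: `user_params` would benefit from a short doc comment and a blank line after `private`, since it is now the single place that decides which request fields can reach `User` through mass assignment. Suggested comment above `def user_params`: `# Strong-parameter whitelist for User; password and activated are never taken from the request`. Any later addition to this list (a flag such as `activated`, for instance) widens what every caller accepts from the client, so the comment should also say the list is meant to stay minimal. `user_params` is complete within the hunk.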