I'm being working in this kind of application and there is no problem with the "shitload of monkey patching". Most of work was being done in the controller layer to filter the parameters. After you finished this you can safely remove the protected_attributes gem. To make this we created a migration sanitizer for the protected_attributes gem that I plan to integrate in the gem itself very soon.