diff --git a/config/initializers/active_record_api_extensions.rb b/config/initializers/active_record_api_extensions.rb
index 24243dad6..0efad591e 100644
--- a/config/initializers/active_record_api_extensions.rb
+++ b/config/initializers/active_record_api_extensions.rb
@@ -17,7 +17,8 @@ module Danbooru
         options[:except] += hidden_attributes
         super(options, &block)
       end
-      
+    
+    protected
       def hidden_attributes
         [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
       end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 924ee2816..f1cec5c99 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -156,6 +156,24 @@ class UserTest < ActiveSupport::TestCase
       end
     end
       
+    context "ip address" do
+      setup do
+        @user = Factory.create(:user)
+      end
+      
+      context "in the json representation" do
+        should "not appear" do
+          assert(@user.to_json !~ /addr/)
+        end
+      end
+      
+      context "in the xml representation" do
+        should "not appear" do
+          assert(@user.to_xml !~ /addr/)
+        end
+      end
+    end
+    
     context "password" do
       should "match the confirmation" do
         @user = Factory.create(:user)
@@ -187,6 +205,26 @@ class UserTest < ActiveSupport::TestCase
         new_pass = @user.reset_password
         assert(User.authenticate(@user.name, new_pass), "Authentication should have succeeded")
       end
+      
+      context "in the json representation" do
+        setup do
+          @user = Factory.create(:user)
+        end
+        
+        should "not appear" do
+          assert(@user.to_json !~ /password/)
+        end
+      end
+      
+      context "in the xml representation" do
+        setup do
+          @user = Factory.create(:user)
+        end
+        
+        should "not appear" do
+          assert(@user.to_xml !~ /password/)
+        end
+      end
     end
   end
 end