[rails] What are Strong Parameters?

What are Strong Parameters?

Strong Parameters is a mechanism introduced in Rails 4 to improve security. It is a security measure that accepts only the explicitly specified values, so that an attacker cannot cause unintended behavior.

When data is submitted from a form, there is a security issue called a "mass assignment vulnerability". Simply put, it is a vulnerability in which an unauthorized request changes a value that was not expected to change. Rails provides the "Strong Parameters" mechanism to prevent this vulnerability.

A typical controller looks like this. Be sure to define the Strong Parameters method below private.

app/controllers/users_controller.rb


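class UsersController < ApplicationController
  def create
    # Build the user only from the permitted attributes.
    user = User.new(user_params)
  end

  private

  # Strong Parameters: require the :user key and permit only :name and :email.
  def user_params
    params.require(:user).permit(:name, :email)
  end
end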

Simply put, even if other values (parameters) related to user are sent, only "name" and "email" are accepted.
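
To see what the allowlist prevents, the following added example (not code from the original post, and not Rails' own implementation) models mass assignment in plain Ruby. `require_param`, `permit`, the `admin` attribute and the request data are constructed stand-ins for `params.require(:user).permit(...)`; real Rails parameters use string keys with indifferent access.

```ruby
# Plain-Ruby model of mass assignment with and without an allowlist.
# All names here are hypothetical stand-ins, not Rails classes.
class User
  ATTRIBUTES = %i[name email admin].freeze
  attr_accessor(*ATTRIBUTES)

  # Mass assignment: every key in the hash becomes an attribute write.
  def initialize(attrs = {})
    @admin = false
    attrs.each { |key, value| public_send("#{key}=", value) }
  end
end

class MissingParam < StandardError; end

# Stand-in for params.require(:key): fail loudly if the key is absent.
def require_param(params, key)
  value = params[key]
  raise MissingParam, "param is missing: #{key}" if value.nil? || value.empty?
  value
end

# Stand-in for .permit(*allowed): keep only allowlisted keys.
def permit(hash, *allowed)
  hash.select { |key, _| allowed.include?(key) }
end

# Constructed request: the form only has name and email fields,
# but the sender added an extra "admin" field.
REQUEST_PARAMS = {
  user: { name: "Alice", email: "alice@example.com", admin: true }
}.freeze

# Without filtering, the extra field reaches the model.
def create_unfiltered(params)
  User.new(params[:user])
end

# With the allowlist, only name and email reach the model.
def create_filtered(params)
  User.new(permit(require_param(params, :user), :name, :email))
end

# Keys the allowlist drops; worth logging when reviewing requests.
def rejected_keys(params)
  params[:user].keys - %i[name email]
end
```
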
