Summary of strong parameters

What is a strong parameter?

Mass Assignment Vulnerability

For example, when inputting data from a form, there is a possibility that the input value of unintended data will be accepted as it is by exchanging or rewriting the input field and the corresponding column using a developer tool or the like.

スクリーンショット 2020-12-29 10.12.28.png ↓ Expansion スクリーンショット 2020-12-29 10.08.20.png ** * Data is saved in a column different from the column corresponding to the original form **

Benefits of strong parameters

When retrieving the information entered in the post form with params, it is possible to prevent saving invalid contents. If you set a column with a strong parameter, you can receive only the information of that column.

how to use

books_controller.rb


private

def book_params
  params.require(:book).permit(:title, :body)
end     #Model specification#Key specification

** permit method ** ** = Of the keys obtained by params, the method that allows saving to the database **

In the above case, even if params contains data of other columns, it is not saved in the database.

Specifically, the parameters sent when the form is submitted are basically sent with the following double hash structure, but in this case only the" book "part in it. Allows you to save.

terminal


Processing by BooksController#create as HTML
Parameters: {
 "utf8"=>"✓", 
 "authenticity_token"=>"Token information is listed",
 "book"=>{"title"=>"Botchan", "body"=>"A novel by Soseki Natsume"},  #params.require(:book).permit(:title, body)The part specified by
 "commit"=>"Create Book"
}

private method

The " private "method described in the first line of the above code allows you to limit the methods and variables described below.

In the above case, since it is used in books_controller, the above-mentioned "book_params" method cannot be called by other controllers (example: users_controller).

Summary

By using strong parameters within the scope of private methods, it is possible to prevent the storage of illegal data and enhance security.

If you have any mistakes regarding the content, please let us know in the comments.

Recommended Posts

Summary of strong parameters
[Strong parameters]
Summary of OpenJDK sources
Summary of jar files
Summary of information security
Summary of using FragmentArgs
Summary of using DBFlow
Summary of Java support 2018
About rails strong parameters
[JavaServlet] Summary of correspondence when Japanese parameters are garbled
[Rails] How to get the contents of strong parameters
Summary of FileInputStream and BufferedInputStream
[Java11] Stream Summary -Advantages of Stream-
[rails] What are Strong Parameters?
Summary of using Butter Knife
Enable strong parameters in devise
[Java] Summary of regular expressions
[Java] Summary of operators (operator)
Summary of "abstract interface differences"
Summary of Java language basics
[Java] Summary of for statements
Summary of Java Math class
Summary of basic functions of ImageJ
Summary of 2020 programming learning output
[Java] Summary of control syntax
Summary of java error processing
[Java] Summary of design patterns
[Java] Summary of mathematical operations
[Rails Struggle/Rails Tutorial] Summary of Rails Tutorial Chapter 2
Summary of rails validation (for myself)
Spring Framework 5.0 Summary of major changes
[For beginners] Summary of java constructor
[Rails] Summary of complicated routing configurations
Summary of devise controller initial state
Summary
Summary of frequently used Docker commands
About require when setting strong parameters
[Rails] Add strong parameters to devise
Summary of object-oriented programming using Java
Summary about the introduction of Device
A brief summary of DI and DI containers
[Java Silver] Summary of access modifier points
Summary of in-house newcomer study session [Java]
Summary of stumbling blocks related to form_with
[2020 edition] Summary of introductory articles on Struts2
[java] Summary of how to handle char
Summary of changes other than JEP of Java10
Summary of Docker understanding by beginners ② ~ docker-compose ~
[Rails Struggle/Rails Tutorial] Summary of Heroku commands
[Java] Personal summary of conditional statements (basic)
Summary of root classes in various languages
Summary of hashes and symbols in Ruby
Summary of going to JJUG CCC 2019 Spring
[Java] [Maven3] Summary of how to use Maven3
Summary of CR, LF, CRL of open method
Java Summary of frequently searched type conversions
Summary of Java Math.random and import (Calendar)