# What is Strong Parameters

Strong Parameters is a security mechanism introduced in the Rails 4 series. It is a security measure that prevents an attacker from triggering unintended behavior by ensuring that only the specified values are accepted.
There is a security issue known as a “mass assignment vulnerability” when submitting data from a form. Simply put, it’s a vulnerability where an invalid request could change an unexpected value when sending data. Rails provides a “Strong Parameters” mechanism to prevent this vulnerability.
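It looks like this. The strong parameters method should always be written below `private`.

```ruby
class UsersController < ApplicationController
  def create
    # Build the model only from the filtered parameters.
    user = User.new(user_params)
  end

  private

  # Require the top-level :user key and allow only :name and :email.
  def user_params
    params.require(:user).permit(:name, :email)
  end
end
```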
Simply put, even if other values (parameters) related to user are sent, only “name” and “email” are allowed.
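
The effect of the allow-list can be seen without Rails. The following is an added example in plain Ruby, not code from the original page or from Rails itself: the `User` class, the `permit_only` helper and the request hash are hypothetical stand-ins that mimic what `params.require(:user).permit(:name, :email)` does.

```ruby
# Added example: plain Ruby stand-in, not Rails code.
# User, permit_only and REQUEST_PARAMS are hypothetical and constructed for illustration.

class User
  ATTRIBUTES = %i[name email admin].freeze
  attr_accessor(*ATTRIBUTES)

  # Mass assignment: every known key in the hash is written to its attribute.
  def initialize(attrs = {})
    self.admin = false
    attrs.each do |key, value|
      public_send("#{key}=", value) if ATTRIBUTES.include?(key.to_sym)
    end
  end
end

# Simplified equivalent of params.require(key).permit(*allowed):
# fail if the top-level key is missing, then keep only allow-listed keys.
# (Rails raises ActionController::ParameterMissing; KeyError stands in here.)
def permit_only(params, required_key, *allowed)
  nested = params.fetch(required_key) { raise KeyError, "param is missing: #{required_key}" }
  allowed_names = allowed.map(&:to_s)
  nested.select { |key, _| allowed_names.include?(key.to_s) }
end

# Constructed request: the form only has name and email fields,
# but the sender added an extra "admin" field.
REQUEST_PARAMS = {
  "user" => { "name" => "Alice", "email" => "alice@example.com", "admin" => true }
}.freeze

# Without filtering, the extra field reaches the model.
def create_unfiltered(params)
  User.new(params.fetch("user"))
end

# With the allow-list, the extra field is dropped before assignment.
def create_filtered(params)
  User.new(permit_only(params, "user", :name, :email))
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered admin: #{create_unfiltered(REQUEST_PARAMS).admin}"
  puts "filtered admin:   #{create_filtered(REQUEST_PARAMS).admin}"
end
```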