[Ruby] [rails] What are Strong Parameters?

What are Strong Parameters?

Strong Parameters is a security mechanism introduced in the Rails 4 series. It is a safeguard that prevents an attacker from triggering unintended behaviour by ensuring that a controller accepts only the values it has explicitly specified.

When data is submitted from a form there is a security issue known as a “mass assignment vulnerability”. Simply put, it is a vulnerability where a crafted request can set a value that the application never expected to be writable. Rails provides the “Strong Parameters” mechanism to prevent this.

A typical example looks like this. The strong parameter method is always written below private, so that it is not exposed as an action.

app/controllers/users_controller.rb


class UsersController < ApplicationController
  def create
    # Only the attributes whitelisted in user_params reach the model.
    user = User.new(user_params)
  end

  private

  # Strong parameters: the request must contain a :user key, and only
  # name and email are permitted; every other key the client sends is dropped.
  def user_params
    params.require(:user).permit(:name, :email)
  end
end

Simply put, even if other user-related values (parameters) are sent in the request, only “name” and “email” are accepted; everything else is discarded before it reaches the model.
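To see why that matters, here is an added, self-contained illustration (not code from the original post and not Rails' own implementation). It uses a tiny stand-in class, Params, that mimics the require/permit behaviour of ActionController::Parameters, a hypothetical User model, and a constructed request that smuggles an "admin" flag into an ordinary sign-up form. The vulnerable path assigns the whole hash to the model; the strong-parameters path drops the unexpected key. The error class and messages are simplified assumptions, not the real Rails ones.

```ruby
# Added illustration: a simplified stand-in for ActionController::Parameters,
# not Rails' own code. It exists only to show the difference between
# assigning a raw request hash and assigning a permitted one.

# Hypothetical model that accepts a hash of attributes, the way
# ActiveRecord's `new(attrs)` does. `admin` must never be client-settable.
class User
  attr_reader :name, :email, :admin

  def initialize(attrs = {})
    @name  = attrs[:name]
    @email = attrs[:email]
    @admin = attrs.fetch(:admin, false)
  end
end

# Assumed error type; real Rails raises ActionController::ParameterMissing.
class ParameterMissing < StandardError; end

# Minimal stand-in for ActionController::Parameters (assumption, simplified).
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_sym)
  end

  # require: the nested key must be present and non-empty, otherwise the
  # request is rejected before any model code runs.
  def require(key)
    value = @hash[key]
    if value.nil? || (value.respond_to?(:empty?) && value.empty?)
      raise ParameterMissing, "param is missing or the value is empty: #{key}"
    end
    Params.new(value)
  end

  # permit: keep only the whitelisted keys; everything else is dropped.
  def permit(*allowed)
    @hash.slice(*allowed)
  end

  # Mirrors Rails' to_unsafe_h: returns everything, with no filtering at all.
  def to_unsafe_h
    @hash.dup
  end
end

# Constructed request body: a normal sign-up form plus an injected admin flag.
CRAFTED_REQUEST = {
  "user" => { "name" => "alice", "email" => "alice@example.com", "admin" => true }
}.freeze

# Vulnerable: the whole nested hash goes straight into the model,
# so the injected admin flag is honoured (mass assignment).
def create_without_strong_params(raw)
  User.new(Params.new(raw).require(:user).to_unsafe_h)
end

# Hardened: the same request, but only name and email survive permit.
def create_with_strong_params(raw)
  User.new(Params.new(raw).require(:user).permit(:name, :email))
end

# Shows the other half of the contract: a request with no :user key is rejected.
def create_with_missing_user(raw)
  Params.new(raw).require(:user)
  "created"
rescue ParameterMissing => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered admin flag: #{create_without_strong_params(CRAFTED_REQUEST).admin}"
  puts "permitted admin flag:  #{create_with_strong_params(CRAFTED_REQUEST).admin}"
  puts create_with_missing_user("name" => "alice")
end
```

Running the file prints true for the unfiltered path and false for the permitted one: the "admin" key never reaches User.new once permit(:name, :email) is applied, and a request without a :user key is rejected by require before any attribute is assigned.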