Strong Parameters in Rails 4

The history of Strong Parameters in Rails 3, changes around its use due to the mass-assignment vulnerability, and the new convention for using them in Rails 4.

Matthew Seeley

June 03, 2013

Transcript

  1. Matthew Seeley @maxsilver Strong Parameters in Rails 4 Monday, June 3, 13
  2. What are Strong Parameters?

  4. “Strong Parameters” are Mass-assignment protection

  5. This is Mass-assignment

  6. Example

  7. Backwards in history...

  8. February 2012

  11. Business Rules : Is this code safe? Any authenticated user can edit their own account
  12. What if I make this change?

  13. Mass assignment was vulnerable by default, if a developer wasn’t careful about how they updated an object’s parameters.
  16. Protection! attr_accessible, attr_protected: resolved this issue, *if* you remembered to use them.
  18. March 2012

  23. Today

  24. Today in Rails 3 - Parameter Control: Attributes require attr_accessible to be mass assigned, and this distinction lives in the model
  25. New in Rails 4

  27. How to use?

  28. Rails 4 - Parameter Control: Attributes require a permitted key to be mass assigned, and this distinction lives in the controller
    params.require(:hash_key).permit(:a, :bunch, :of, :keys)
    params.permit(:foo, {:bar => []})
  31. Matthew Seeley @maxsilver www.matthewseeley.net
    Further Reading:
    Strong Parameters [Rails 4 Countdown to 2013] - Remarkable Labs (Rida Al Barazi) http://blog.remarkablelabs.com/2012/12/strong-parameters-rails-4-countdown-to-2013
    Strong Parameters in Rails 4 - Captured Sparks (Robin Fisher) http://capturedsparks.com/2013/03/05/strong-parameters-in-rails-4/
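
The mass-assignment problem from slides 11 to 13 and the require/permit whitelist from slide 28, as an added Ruby example that is not from the original slides. `Params` is a simplified stand-in for Rails' `ActionController::Parameters` so the block runs without Rails; `User`, `REQUEST`, `unsafe_update` and `safe_update` are hypothetical names, and the request body is constructed.

```ruby
# Simplified stand-in for Rails 4's ActionController::Parameters (not Rails' code).
class ParameterMissing < StandardError; end

class Params
  SCALAR = ->(v) { [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].any? { |t| v.is_a?(t) } }

  def initialize(hash)
    @hash = hash.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
  end

  # Return the value under a required key; raise if it is absent or empty.
  def require(key)
    value = @hash[key.to_s]
    raise ParameterMissing, "param is missing: #{key}" if value.nil? || value == {}
    value.is_a?(Hash) ? Params.new(value) : value
  end

  # Keep only whitelisted keys; {:tags => []} permits an array of scalars.
  def permit(*filters)
    filters.each_with_object({}) do |filter, out|
      if filter.is_a?(Hash)
        filter.each do |key, shape|
          value = @hash[key.to_s]
          out[key.to_s] = value if shape == [] && value.is_a?(Array) && value.all?(&SCALAR)
        end
      elsif @hash.key?(filter.to_s) && SCALAR.call(@hash[filter.to_s])
        out[filter.to_s] = @hash[filter.to_s]
      end
    end
  end
end

# Hypothetical model: update_attributes writes every key it is given.
User = Struct.new(:name, :admin, :tags) do
  def update_attributes(attrs)
    attrs.each { |k, v| self[k] = v }
    self
  end
end

# Constructed request: a user editing their own account also sends "admin".
REQUEST = { "user" => { "name" => "mallory", "admin" => true, "tags" => %w[a b] } }.freeze

def unsafe_update(raw) # raw hash is mass assigned: every submitted key is written
  User.new("alice", false, []).update_attributes(raw["user"])
end

def safe_update(raw) # Rails 4 convention: the controller whitelists keys first
  User.new("alice", false, []).update_attributes(Params.new(raw).require(:user).permit(:name, { :tags => [] }))
end
```

Because `admin` is not in the permit list, it never reaches the model, and the whitelist sits next to the controller action that accepts the input.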