Slide 1

Strong Parameters in Rails 4
Matthew Seeley @maxsilver
Monday, June 3, 13

Slide 2

What are Strong Parameters?

Slide 4

“Strong Parameters” are Mass-assignment protection

Slide 5

This is Mass-assignment

Slide 6

Example

Slide 7

Backwards in history...

Slide 8

February 2012

Slide 11

Is this code safe?
Business Rules: Any authenticated user can edit their own account

Slide 12

What if I make this change?

Slide 13

Mass assignment was vulnerable by default, if a developer wasn’t careful about how they updated an object’s parameters.

Slide 16

Protection!
attr_accessible, attr_protected
Resolved this issue, *if* you remembered to use them.

Slide 18

March 2012

Slide 23

Today

Slide 24

Today in Rails 3 - Parameter Control
Attributes must be declared with attr_accessible to be mass assigned, and this distinction lives in the model.

Slide 25

New in Rails 4

Slide 27

How to use?

Slide 28

Rails 4 - Parameter Control
Attributes must be permitted keys to be mass assigned, and this distinction lives in the controller.

params.require(:hash_key).permit(:a, :bunch, :of, :keys)
params.permit(:foo, {:bar => []})
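
Added example (not from the original slides): a plain-Ruby model of unrestricted mass assignment next to the Rails 4 require/permit flow described above. The Params, User and ForbiddenAttributes classes and the admin attribute are stand-ins assumed for illustration, not Rails code.

```ruby
# Plain-Ruby stand-ins (assumptions, not Rails classes) modelling Rails 4 behaviour.
class ForbiddenAttributes < StandardError; end

# Stand-in for ActionController::Parameters: unpermitted until #permit is called.
class Params
  attr_reader :data

  def initialize(data, permitted = false)
    @data = data
    @permitted = permitted
  end

  def permitted?; @permitted; end

  # Fetch a required top-level key, or fail the request if it is absent.
  def require(key)
    value = @data.fetch(key) { raise KeyError, "param is missing: #{key}" }
    value.is_a?(Hash) ? Params.new(value) : value
  end

  # Keep only allow-listed keys; every other submitted key is dropped.
  def permit(*keys)
    Params.new(@data.select { |k, _| keys.include?(k) }, true)
  end
end

# Stand-in model with a hypothetical sensitive :admin attribute.
class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Old default: every submitted key is assigned (mass assignment).
  def update_unsafe(hash)
    hash.each { |k, v| public_send("#{k}=", v) }
    self
  end

  # Rails 4 style: refuse parameters that never went through #permit.
  def update(params)
    raise ForbiddenAttributes unless params.permitted?
    update_unsafe(params.data)
  end
end

# Constructed request: an account edit form submitted with an extra field.
REQUEST = { user: { name: "Sam", email: "sam@example.test", admin: true } }.freeze
```

With this model, User.new.update_unsafe(REQUEST[:user]) sets admin to true, while User.new.update(Params.new(REQUEST).require(:user).permit(:name, :email)) leaves it false, and passing the result of require(:user) without permit raises ForbiddenAttributes.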

Slide 31

Matthew Seeley @maxsilver
www.matthewseeley.net

Further Reading:
Strong Parameters [Rails 4 Countdown to 2013] - Remarkable Labs (Rida Al Barazi)
http://blog.remarkablelabs.com/2012/12/strong-parameters-rails-4-countdown-to-2013
Strong Parameters in Rails 4 - Captured Sparks (Robin Fisher)
http://capturedsparks.com/2013/03/05/strong-parameters-in-rails-4/