
# What are strong parameters?


Strong parameters in Rails are a security feature introduced in Rails 4 to help prevent mass assignment vulnerabilities. They allow developers to specify which parameters are permitted in a controller action, ensuring that only the intended attributes can be modified.

## How Strong Parameters Work

When a request reaches a Rails application, its parameters arrive in the controller as a hash. Left unfiltered, that whole hash can be handed to a model, so any attribute the request names could be written; this is the mass assignment vulnerability. Strong parameters let developers define a whitelist of parameters that are permitted in each controller action, and anything not on that list is filtered out before it reaches the model.

## Example

Consider a User model with attributes name and email. You want to allow users to update their name but not their email. Here’s how you can use strong parameters to achieve this:

```ruby
class UsersController < ApplicationController
  def update
    @user = User.find(params[:id])
    # Only the filtered hash from user_params reaches the model.
    if @user.update(user_params)
      redirect_to @user
    else
      render :edit
    end
  end

  private

  # require(:user) insists that a :user key is present;
  # permit(:name) keeps :name and drops every other key (email included).
  def user_params
    params.require(:user).permit(:name)
  end
end
```

In this example, the user_params method uses the require and permit methods to control which parameters are allowed. The require method ensures that the user parameter is present, while the permit method allows only the name parameter to be updated, so an email value sent in the same request is discarded.
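To see what require and permit do to a request hash, here is an added example; it is not code from the original page and not Rails' own ActionController::Parameters, but a small stand-in class with the same require/permit/to_h behaviour, a toy User model, and a constructed request that sends an email alongside the name. The names Params, REQUEST, update_unsafe and update_safe are assumptions for this example.

```ruby
# Added example (not Rails' own code): a minimal stand-in for ActionController::Parameters
# that shows what require/permit do to a request hash. Runs without Rails.
class ParameterMissing < StandardError; end
class UnfilteredParameters < StandardError; end
class Params
  def initialize(hash, permitted: false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end
  # Like params.require: the key must exist and be non-empty, otherwise raise.
  def require(key)
    value = @hash[key.to_s]
    raise ParameterMissing, "param is missing or empty: #{key}" if value.nil? || value.empty?
    Params.new(value)
  end
  # Like params.permit: keep only the listed keys; everything else is dropped.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k) }, permitted: true)
  end
  # Like Rails' to_h on unpermitted params: refuse to hand out an unfiltered hash.
  def to_h
    raise UnfilteredParameters, "call permit before using these params" unless @permitted
    @hash.dup
  end
end

# Toy model (constructed, not ActiveRecord): update assigns every key it is given.
User = Struct.new(:name, :email, keyword_init: true) do
  def update(attrs)
    attrs.each { |k, v| self[k] = v }
    self
  end
end

# Constructed request body: the client sends email alongside the allowed name.
REQUEST = { "user" => { "name" => "Alice", "email" => "changed@example.com" } }

# Vulnerable: the raw hash reaches the model, so email is overwritten as well.
def update_unsafe(user)
  user.update(REQUEST["user"])
end
# Hardened, mirroring the controller above: only :name survives the filter.
def user_params
  Params.new(REQUEST).require(:user).permit(:name).to_h
end
def update_safe(user)
  user.update(user_params)
end
```

In real Rails, the missing-key case surfaces as ActionController::ParameterMissing (a 400 response), and passing unpermitted parameters to a model raises ActiveModel::ForbiddenAttributesError.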

## Benefits of Strong Parameters

1. Protection Against Mass Assignment: Prevents users from sending unexpected parameters to a controller action, which could lead to unauthorized changes.
2. Increased Security: By controlling which parameters are permitted, strong parameters help to increase the security of Rails applications.
3. Easy to Implement: Strong parameters are straightforward to implement and can be added to any controller action with just a few lines of code.

## Conclusion

Strong parameters are an essential feature in Rails that help protect against malicious input and increase the security of your application. By defining a whitelist of permitted parameters for each controller action, you can prevent mass assignment vulnerabilities and other security issues.