SupeRails | Ruby on Rails #77 HACKERMAN: strong params authorization

Ruby on Rails #77 HACKERMAN: strong params authorization

09/05/2022 (about 2 years ago)

Even if some parameters are not visible or editable in the HTML, it does not mean a user won't be able to change them. This way a user can potentially do malicious actions in your app. Make sure that only expected attributes are editable, using strong params!

Episode source code: https://github.com/corsego/77-strong-params-authorization/commit/4609d17e23b5b5f244e554d91b32e68d852b6ae8

Text version: https://blog.corsego.com/permit-params-by-current-user-roles

Rails Docs: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html

0

Sign in to join the conversation

Recommended based on what you are watching now

Ruby on Rails #103 Simple Omniauth without Devise

Free Ruby on Rails #103 Simple Omniauth without Devise

16/01/2023 (over 1 year ago)

without devise devise alternatives rails authentication omniauth oauth2

Ruby on Rails #14 Stripe API - SaaS blog - Stripe Checkout Session, Billing Portal

Free Ruby on Rails #14 Stripe API - SaaS blog - Stripe Checkout Session, Billing Portal

08/04/2021 (about 3 years ago)

Ruby on Rails #10 Stripe API - Clear Cart after Checkout, edit Stripe Price

Free Ruby on Rails #10 Stripe API - Clear Cart after Checkout, edit Stripe Price

30/03/2021 (about 3 years ago)

Friendly Show E1 Pilot 😬. You need a CS degree to be a programmer? How did you start? RailsSaaS conf

Free Friendly Show E1 Pilot 😬. You need a CS degree to be a programmer? How did you start? RailsSaaS conf

27/05/2023 (12 months ago)

Ruby on Rails #53 Gem Public Activity - add an Activity Feed to your app

Free Ruby on Rails #53 Gem Public Activity - add an Activity Feed to your app

07/09/2021 (over 2 years ago)