Ruby on Rails #77 HACKERMAN: strong params authorization
09/05/2022 (about 2 years ago)
A parameter that is not visible or editable in the HTML can still be changed by a user, because the user controls the request that is sent to the server. This way a user can potentially do malicious actions in your app. Make sure that only expected attributes are editable, using strong params!
Episode source code: https://github.com/corsego/77-strong-params-authorization/commit/4609d17e23b5b5f244e554d91b32e68d852b6ae8
Text version: https://blog.corsego.com/permit-params-by-current-user-roles
Rails Docs: https://api.rubyonrails.org/classes/ActionController/StrongParameters.html
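The idea above modelled in plain Ruby, as an added example that is not code from the episode or from Rails: a per-role allowlist applied to a request body that carries fields the form never rendered. The role names, attribute names and the `filter_params` helper are hypothetical; in a Rails controller the equivalent is choosing the list passed to `params.require(...).permit(...)` from the current user's role.

```ruby
require "set"

# Hypothetical roles and attributes. Anything not listed is never assigned.
PERMITTED_BY_ROLE = {
  admin:  Set["title", "body", "published", "user_id"],
  member: Set["title", "body"]
}.freeze

SCALAR_TYPES = [String, Integer, Float, TrueClass, FalseClass, NilClass].freeze

def scalar?(value)
  SCALAR_TYPES.any? { |type| value.is_a?(type) }
end

# Returns [permitted, rejected]: the attributes that are safe to assign, and
# the names of attributes the client sent but this role may not set.
def filter_params(raw, role)
  allowed = PERMITTED_BY_ROLE.fetch(role, Set.new) # unknown role: permit nothing
  permitted = {}
  rejected = []
  raw.each do |key, value|
    name = key.to_s
    # Only scalar values pass; a nested hash or array under an allowed
    # key is rejected instead of being assigned as-is.
    if allowed.include?(name) && scalar?(value)
      permitted[name] = value
    else
      rejected << name
    end
  end
  [permitted, rejected]
end

# Constructed request body: the form only shows title and body, but the
# client added published and user_id by editing the request.
TAMPERED = {
  "title" => "Hello", "body" => "text",
  "published" => "true", "user_id" => "1"
}.freeze

if __FILE__ == $PROGRAM_NAME
  %i[member admin].each do |role|
    permitted, rejected = filter_params(TAMPERED, role)
    puts "#{role}: assign=#{permitted.inspect} rejected=#{rejected.inspect}"
  end
end
```

The rejected list is worth logging: a member repeatedly sending `user_id` or `published` is a signal that someone is probing the form.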