Ruby on Rails #77 HACKERMAN: strong params authorization

09/05/2022 (almost 2 years ago)

Even if some parameters are not visible or editable in the HTML, that does not mean a user can't change them: the user controls the request that is sent. This lets a user potentially perform malicious actions in your app. Use strong params to make sure that only the expected attributes are editable!
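The following added example is not the episode's source code. It is a plain-Ruby stand-in for Rails' `params.require(:user).permit(:name, :email)`, so it runs without Rails, and it shows a forged `admin` attribute being assigned without a permit-list and dropped with one. The `User` struct, the helper names and the request data are constructed for illustration.

```ruby
# Added illustration: plain-Ruby stand-in for Rails strong params
# (params.require(:user).permit(...)). Not Rails' implementation.
# All names and sample data below are constructed.

SCALARS = [String, Symbol, NilClass, Numeric, TrueClass, FalseClass].freeze

# Return only the permitted keys of params[root]; raise if root is missing.
# Like Rails' permit with plain keys, non-scalar values (hashes, arrays)
# are dropped even when their key is on the list.
def permitted_params(params, root, allowed)
  section = params.fetch(root) { raise KeyError, "param is missing: #{root}" }
  section.select do |key, value|
    allowed.include?(key) && SCALARS.any? { |type| value.is_a?(type) }
  end
end

# Toy record standing in for an ActiveRecord model.
User = Struct.new(:name, :email, :admin, keyword_init: true) do
  def update(attrs)
    attrs.each { |key, value| self[key] = value }
    self
  end
end

# The HTML form only has name and email fields, but the client controls the
# request body and has added "admin" (constructed request).
FORGED_REQUEST = {
  "user" => { "name" => "Mallory", "email" => "m@example.test", "admin" => true }
}.freeze

# Without filtering: every submitted attribute is assigned to the record.
def update_unfiltered(user, params)
  user.update(params.fetch("user"))
end

# With a permit-list: only the attributes the form is meant to edit.
def update_filtered(user, params)
  user.update(permitted_params(params, "user", %w[name email]))
end
```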

Episode source code:

Text version:

Rails Docs:
