Ruby on Rails includes a built-in security feature called “strong parameters.” Parameters submitted by a web form can be read directly from the params hash. When that same hash is handed to an object through mass assignment, however, the parameters are considered “unsafe”: they will be skipped unless they have first been whitelisted using “require” and “permit.”
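The following is an added example written for this page, not code from the course or from Rails itself. Because Rails is not loaded here, it uses a small stand-in class named `StrongParams` (with `require` and `permit` methods modelled on the Rails ones) and a plain `User` class whose initializer mass-assigns every key it is given, the way `User.new(hash)` does. The class names, the `RAW_FORM_PARAMS` submission and the `admin` field are all constructed for the example; they show the mistake the description warns about (a raw form hash dumped into a model) next to the whitelisted form.

```ruby
# Added example: a minimal stand-in for Rails strong parameters. The class
# names, the sample form submission and the `admin` attribute are constructed
# for this demonstration and are not Rails' own API.

# A model whose initializer mass-assigns every key in the hash, mirroring
# what `User.new(hash)` does in Rails.
class User
  class ForbiddenAttributes < StandardError; end

  attr_accessor :username, :email, :admin

  def initialize(attributes = {})
    @admin = false
    # Mirrors the forbidden-attributes check Rails models perform: a params
    # object that has not been permitted is refused before anything is set.
    if attributes.respond_to?(:permitted?) && !attributes.permitted?
      raise ForbiddenAttributes, "unpermitted parameters passed to mass assignment"
    end
    attributes.to_h.each { |name, value| public_send("#{name}=", value) }
  end
end

# Hypothetical stand-in for the Rails parameters object. A raw form hash starts
# out unpermitted; `require` scopes to a nested hash and `permit` whitelists
# the keys that mass assignment may use.
class StrongParams
  class MissingParameter < StandardError; end
  class UnfilteredParameters < StandardError; end

  attr_reader :permitted
  alias permitted? permitted

  def initialize(hash, permitted: false)
    @hash = hash.transform_keys(&:to_sym)
    @permitted = permitted
  end

  # Direct access is always allowed; only mass assignment is gated.
  def [](key)
    @hash[key.to_sym]
  end

  def require(key)
    value = @hash[key.to_sym]
    missing = value.nil? || (value.respond_to?(:empty?) && value.empty?)
    raise MissingParameter, "param is missing or empty: #{key}" if missing
    StrongParams.new(value)
  end

  def permit(*keys)
    allowed = keys.map(&:to_sym)
    StrongParams.new(@hash.select { |k, _| allowed.include?(k) }, permitted: true)
  end

  def to_h
    raise UnfilteredParameters, "unpermitted parameters used in mass assignment" unless permitted?
    @hash.dup
  end
end

# Constructed form submission: the form only exposes a username field, but
# the request also carries an `admin` key the form never offered.
RAW_FORM_PARAMS = { "user" => { "username" => "alice", "admin" => "true" } }.freeze

# Unsafe: the raw hash goes straight into mass assignment, so `admin` is set.
def create_user_unsafely(raw = RAW_FORM_PARAMS)
  User.new(raw["user"])
end

# Safe: the require/permit whitelist keeps only the fields the form should set.
def user_params(raw = RAW_FORM_PARAMS)
  StrongParams.new(raw).require(:user).permit(:username, :email)
end

def create_user_safely(raw = RAW_FORM_PARAMS)
  User.new(user_params(raw))
end

# Passing the params object without permitting it is refused outright.
def unfiltered_is_refused?(raw = RAW_FORM_PARAMS)
  User.new(StrongParams.new(raw).require(:user))
  false
rescue User::ForbiddenAttributes
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:     admin=#{create_user_unsafely.admin.inspect}"
  puts "permitted:  admin=#{create_user_safely.admin.inspect}"
  puts "unfiltered refused: #{unfiltered_is_refused?}"
end
```

The `user_params` method is the shape of the private helper a Rails controller conventionally defines; the point to notice is that `admin` never reaches the model through the permitted path, while direct reads such as `params[:user][:username]` remain available without any whitelist.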
- [Instructor] In the last movie, we created a web form which will submit its values to the create action but, when we tried to use it, we got back an error. To fix that error, we need to learn about mass assignment and strong parameters. Mass assignment is the term for passing a hash of values to an object to be assigned to the object's attributes. New, create, and update_attributes are the primary methods that use mass assignment but there are a few others, as well. In each one of these cases, you can see that we're taking a hash of values and we're essentially just dumping them into the object and asking the object to assign all of the attributes based on that hash.
That's what mass assignment is. Rails is making our lives much easier by allowing us to assign values to this object all at once instead of having to do it one-by-one. Unfortunately, this convenience also introduces a major security issue. Imagine that we have a form which lets users update their username. It's a parameter for username and we use update_attributes,
- Creating and configuring a new Ruby on Rails project
- Generating controllers and views
- Handling server requests
- Using different types of routes
- Rendering and viewing templates
- Generating migrations and models
- Creating, updating, and deleting records
- Finding records with queries
- Understanding relationship types
- Writing controllers for CRUD
- Working with layouts and helpers
- Managing application assets
- Building forms
- Validating data
- Authenticating users
Skill Level: Beginner
1. What Is Ruby on Rails?
2. Get Started
3. Controllers, Views, and Dynamic Content
4. Databases and Migrations
5. Models and ActiveRecord
7. CRUD, REST, and Resourceful Routes
8. Controllers and CRUD
9. Layouts, Partials, and View Helpers
12. Data Validation
13. Controller Features
14. User Authentication
15. Improve the Simple CMS