Since rails4, controller has new feature called "strong parameters".
rails/strong_parameters
"strong parameters" is an alternative for controlling mass assignment. The original ones are known as attr_accessible and attr_protected on ActiveRecord/ActiveModel until rails3. But, because of "Mass Assingment Vulnerability(CVE-2012-2055)" in last year, these features are considered they should be on controller, should not be on ActiveRecord/ActiveModel. So that "strong parameters" begins.
And, the most important thing is, -"strong parameters" is JUST for controlling mass assignment, not for validation-. ActiveRecord/ActiveModel still have their own (and well known) validation features. that's natural because ActiveRecord/ActiveModel is not only used from Web (controllers) but also from non-Web (batches).
No comments:
Post a Comment