Rails Fundamentals: Introducing Strong Parameters easyactiverecord.com
One of Rails' most visible historical protections against malicious data corruption involved using the
attr_accessiblemethod within a model to identify which model attributes could be passed into methods like
update_attributesfor mass assignment. This changed with Rails 4, thanks to a new approach for managing mass assignment behavior. Known as strong parameters, the task of defining which parameters are available for mass assignment has been moved out of the model and into the controllers, allowing developers to define mass assignment behavior according to action. In this tutorial, I'll introduce you to strong parameters, and include several usage examples.