Rationale for Strong Parameters in Rails

Modern versions of the Rails framework recommend that you utilize strong parameters. Strong parameters are essentially a whitelist of parameters that a user/API client is able to pass to methods such as create and update.

I've included a link to a comprehensive guide that describes why strong parameters are important, and it comes down to the following criteria:

Strong parameters prevent mass assignment. This means that users are not able to change values that they shouldn't have access to change. Imagine a scenario where you have a Project Management application that has a User model. And the User model has a counter cache column that keeps track of how many projects the user has successfully completed. If you don't have a way of whitelisting parameters, a user could update their form in the browser, manually create a new element called projects_completed and manually increase the number to make it look like he/she completed more projects than they actually did. A set of whitelist parameters will block attempts like this.