Why You Need Strong Parameters in Rails
In 2012, GitHub was compromised by a mass assignment vulnerability. A GitHub user exploited mass assignment to gain administrator privileges on none other than the Ruby on Rails project. In this post, I will explain this vulnerability and how you can use the Rails strong parameters API to address it.
Working with HTTP Responses in Rails
In this post, we'll learn how to work with the response object in Rails controllers — from inspecting response bodies and headers to setting status codes and content types. This guide also covers key methods like body, status=, content_type, cookies, and more, with practical examples.
Working with HTTP Requests in Rails
Every web application needs to process incoming HTTP requests. In this post, we'll take a closer look at how Rails handles requests, how you can access the request object in the controller, and some of the most useful methods it provides to gather meaningful data from the request.
Understanding Rails Parameters
Rails parameters let you access data sent by the browser, both via the URL and forms. In this article, we'll cover the basics of parameters, including what they are, how they work, and why they're important. We'll also learn how you can pass parameters in different formats such as arrays and hashes.
New Series on Rails Controllers
This is the first post in a new series that explores Rails controllers in detail. This post covers the basics, providing a brief overview of controllers, why we need a controller, and how to create one. We'll start exploring more advanced controller topics in the next post.
Restrict Destroying Dependent Rails Associations with Error
The dependent: :restrict_with_error option is a simple way to enforce data integrity in Rails apps. By preventing deletions of parent records with existing associations and providing helpful errors, it ensures historical data remains intact while guiding users on how to handle dependencies properly.
Backup SQLite from a Containerized Rails App Deployed with Kamal
This post walks through backing up a SQLite database inside a Docker container on a remote server, specifically for a Ruby on Rails application deployed with Kamal. We'll begin with the basic commands, then convert them into a reusable shell script and a Rake task for convenience.
Working with the Rails Instrumentation API
The Instrumentation API in ActiveSupport serves a dual purpose. You can use it to implement the observer (pub-sub) pattern, as well as to benchmark how long some action took to execute. In this post, we'll learn almost everything you need to know about the Rails Instrumentation API.
How a Ruby Method Becomes a Rails Action: Part One
In this post, we will explore how a simple Ruby method, when added to a controller, becomes an action in Rails, ready to process incoming HTTP requests and send responses. We'll also trace the path of an incoming HTTP request to a Rails controller action.
Using Hotwire for Inline Form Updates Without Form Submission
Sometimes you need dynamic content on a form, where parts of the form update based on user input. This post shows how to use Hotwire's Turbo and Stimulus libraries for in-place form updates by loading data from the server without submitting the form; the submission happens only once, at the end.
A Brief Introduction to Rails Initializers: Why, What, and How
At first glance, Rails initializers seem complex, but they solve a simple but important problem: run some code after the framework and gems are loaded, to initialize the application. This post covers the basics of initializers, including what they are, how they work, and how Rails implements them.
Not-Null Shortcut in Rails 8 Migration Generator
Rails 8 lets you mark a database column as not-null by appending an exclamation mark after the column while generating a migration. It's a nice quality-of-life improvement. This post also contains a few things I learned after reading the pull request.