3 simple Rails security improvements you can do with a few minutes investment:
🧵👇
Even though Rails has secure defaults, there are still plenty of ways to shoot yourself in the foot, or to get compromised.
If you incorporate these 3 simple changes into your application, you will level up its security posture.
Set up dependency vulnerability monitoring.
Using dependencies with known vulnerabilities is a huge security risk.
To mitigate this, you can set up a GitHub Action that runs bundle audit and yarn audit on your codebase regularly, and patch when needed.
One of Ruby's great features is method chaining.
For instance, Active Record heavily relies on this and method chaining enables us to do cool things like User.where("active = 1").count.
Have you ever wondered how that is possible?
Let's look into it; it is pretty simple.
🧵👇
Let's use a simple example: you have a user model and want to set a default password for a user who signs up via OAuth. So you want to be able to do something like this in your controller:
Then in your model you would implement the set_password method:
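The thread's own snippets are not reproduced here; the following is an added Ruby example (not the author's code) using a hypothetical User class and a toy Relation to show the mechanism: set_password returns self, and where returns a new Relation, which is all that chaining requires.

```ruby
require "securerandom"

# Constructed stand-in for an Active Record model (not Rails code).
# set_password returns self, so it can sit mid-chain:
#   User.new(email: ...).set_password.save
class User
  attr_reader :email, :password

  def initialize(email:, password: nil)
    @email = email
    @password = password
  end

  # OAuth signups arrive without a password; assign a random default
  # (never a fixed string) and hand the same object back to the caller.
  def set_password
    @password ||= SecureRandom.hex(16)
    self
  end

  # Minimal stand-in for persistence: "valid" means both fields are present.
  def save
    !email.nil? && !password.nil?
  end
end

# Toy query builder showing why User.where(...).count works:
# where returns a fresh Relation carrying one more filter, and only
# count terminates the chain by actually evaluating the filters.
class Relation
  def initialize(records, filters = [])
    @records = records
    @filters = filters
  end

  def where(&predicate)
    Relation.new(@records, @filters + [predicate])
  end

  def count
    @records.count { |r| @filters.all? { |f| f.call(r) } }
  end
end

# Helper used below: counts the active records in a constructed dataset.
def active_user_count(users)
  Relation.new(users).where { |u| u[:active] }.count
end
```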