Reset Password from Scratch
24:24 CC

#316 Sep 26, 2021 pro
Continuing from Episode 300, we look at creating a password reset feature. We explore some of the security concerns around this feature and some mitigating options.

Safely Running Shell Commands
8:26 CC

#151 Sep 16, 2018 pro
We may come across a need to run shell commands, and Ruby has some built-in methods which appear safe but can introduce major security risks.

generates_token_for
7:55 CC

#380 Dec 18, 2022 pro
In Rails 7.1, we're going to get a new feature that will allow us to generate tokens for attributes. With generates_token_for, a token can embed data from a record. When using the token to fetch the record, the data from the token and the data from the record will be compared.

Secure User Passwords
8:26 CC

#349 May 15, 2022 pro
We have a look at integrating the HaveIBeenPwned service with Devise so that our users will have some awareness of their password being potentially compromised.

Masked Fields
8:35 CC

#403 May 28, 2023 pro
Learn to create a reusable Stimulus controller to be able to toggle fields so that we can hide sensitive information from prying eyes, screenshots or when sharing our screen.