Drifting Ruby

Masked Fields

#403 May 28, 2023 pro

Learn to create a reusable Stimulus controller to be able to toggle fields so that we can hide sensitive information from prying eyes, screenshots or when sharing our screen.

rails stimulusjs security javascript

generates_token_for

#380 Dec 18, 2022 pro

In Rails 7.1, we're going to get a new feature that will allow us to generate tokens for attributes. With generates_token_for, a token can embed data from a record. When using the token to fetch the record, the data from the token and the data from the record will be compared.

rails 7.1 security

Cloudflare Turnstile

#379 Dec 11, 2022 pro

Cloudflare Turnstile delivers frustration-free, CAPTCHA-free web experiences to website visitors. In this episode, we'll look at implementing this a few different ways and resolving some issues with Turbo.

rails cloudflare security authentication

Secure User Passwords

#349 May 15, 2022 pro

We have a look at integrating the HaveIBeenPwned service with Devise so that our users will some awareness of their password being potentially compromised.

rails security authentication

Authentication with Sorcery

#321 Oct 31, 2021 pro

Sorcery is a stripped-down, bare-bones authentication library, with which you can write your own authentication flow. In this episode we look at creating the controllers and views for a simple authentication solution.

authentication rails security

Reset Password from Scratch

#316 Sep 26, 2021 pro

Continuing from Episode 300, we look at creating a password reset feature. We explore some of the security concerns around this feature and some mitigating options.

authentication rails security

Hardware Security Keys

#302 Jun 27, 2021 pro

Using a hardware security key for multi-factor authentication is a great way to protect user accounts. In this episode, we look at implementing security keys into our Ruby on Rails applications with Devise user accounts.

authentication rails security

Managing User Session Devices

#301 Jun 20, 2021 pro

In this episode, we look to add on some features to Device with tracking devices that a user has authenticated with and then remote deleting sessions.

authentication devise rails security

Cross-Origin Resource Sharing (CORS)

#254 Aug 9, 2020 pro

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin.

javascript rails security

Dynamic Role Management

#247 Jun 21, 2020 pro

Create dynamic roles that can be assigned to users. Based on the assigned role, the user will be able to perform or view various parts of the application.

model rails security

View

Episodes

Sort

Tags

Masked Fields

generates_token_for

Cloudflare Turnstile

Secure User Passwords

Authentication with Sorcery

Reset Password from Scratch

Hardware Security Keys

Managing User Session Devices

Cross-Origin Resource Sharing (CORS)

Dynamic Role Management

Learning Paths

Video Logs new

Blog

Merchandise

Forums new

View

Episodes

Sort

Tags

Masked Fields

generates_token_for

Cloudflare Turnstile

Secure User Passwords

Authentication with Sorcery

Reset Password from Scratch

Hardware Security Keys

Managing User Session Devices

Cross-Origin Resource Sharing (CORS)

Dynamic Role Management