4 Matching Annotations
  1. Sep 2020
  2. github.com github.com
    Dynamic :action segment deprecation forces application bloat after suggested workaround · Issue #27231 · rails/rails
    1
    1. TylerRick 03 Sep 2020
      Instead of deprecating the :action segment entirely, only deprecate it if there isn't a qualifier (in our case, we have a Regex whitelist). If a Regex isn't acceptable, perhaps create a specific "whitelist" constraint on the :action segment, and don't allow dynamic :actions without the whitelist constraint.
      blacklists whitelists
    Visit annotations in context

    Tags

    Annotators

    URL

    github.com/rails/rails/issues/27231
  3. Jul 2020
  4. ruby-prof.github.io ruby-prof.github.io
    ruby-prof
    1
    1. TylerRick 20 Jul 2020
      ruby-prof provides two options to specify which threads should be profiled: exclude_threads:: Array of threads which should not be profiled. include_threads:: Array of threads which should be profiled. All other threads will be ignored.
      whitelists blacklists threads (computing) profiler
    Visit annotations in context

    Tags

    Annotators

    URL

    ruby-prof.github.io/
  5. Apr 2020
  6. guides.rubyonrails.org guides.rubyonrails.org
    Ruby on Rails Security Guide — Ruby on Rails Guides
    2
    1. TylerRick 28 Apr 2020
      Don't try to correct user input by blacklists: This will make the attack work: "<sc<script>ript>".gsub("<script>", "")
      easy to forget security blacklists
    2. TylerRick 28 Apr 2020
      When sanitizing, protecting or verifying something, prefer whitelists over blacklists.
      security: sanitizing input whitelists blacklists good policy/practice/procedure
    Visit annotations in context

    Tags

    Annotators

    URL

    guides.rubyonrails.org/v5.0/security.html