Feb 6 2023

Ransacking your password reset tokens

What is Ruby doing on Rails?
Hello, you're reading Infinum Ruby Drops, bringing you the latest Ruby and Rails related news straight to your inbox every week.
Ransacking your password reset tokens
We demonstrate how the popular Ransack library can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases.
Read More
Rails
One area where Rails does not have great support though is for hosting static Markdown pages along with the rest of the application. Luckily, it's easy to hook into Rails' rendering flow to build out the functionality ourselves.
A Ruby gem to send your ActionMailer mail through one of several delivery methods, selected by weight.
Ruby

RSpec custom matchers can be written using plain old objects.
We’re going to cover a wide range of features to rival JetBrains’s powerful IDE.
We'll use our metaprogramming toolbox for Ruby to configure a gem and have Ruby write code for us.
Blast from the past
Beyond Ruby
As part of our team’s internal initiative, we’ve been aware that it just isn’t enough to set up an error tracking system. A process around it must exist. Just like with tasks, someone has to be responsible, the level of priority must be evaluated, and the error reports must be considered part of the workload.

Improve your database schema safely and without application downtime.
Tooling
Singed makes it easy to get a flamegraph anywhere in your code base. It wraps profiling your code with stackprofor rbspy, and then launching speedscope to view it.

Previous Issues

Load More