Latest Security posts from Steve Polito

Introducing Top Secret

We’ve written about how to prevent logging sensitive information when making network requests, but that approach only works if you’re dealing with parameters.

Prevent logging sensitive information in Rails, and beyond

The Rails defaults are a good foundation, but it's still your responsibility to filter sensitive information from logs when using external APIs, services, and tools.

Rails advanced routing constraints

Learn how to authorize requests at the routing layer to improve security and ergonomics.

Are you absolutely sure your Rails caching strategy isn't leaking sensitive information?

Rails writes a new cache entry based on the first request. But what happens when that request is from an admin?

How to encrypt files with Ruby and Active Support

Password managers aren't the only way to store and share sensitive information. Learn how to create a simple CLI for encrypting files.

Security

Latest Posts