Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Polished Ruby Programming

You're reading from   Polished Ruby Programming Build better software with more intuitive, maintainable, scalable, and high-performance Ruby code

Arrow left icon
Product type Paperback
Published in Jul 2021
Publisher Packt
ISBN-13 9781801072724
Length 434 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Jeremy Evans Jeremy Evans
Author Profile Icon Jeremy Evans
Jeremy Evans
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Fundamental Ruby Programming Principles
2. Chapter 1: Getting the Most out of Core Classes FREE CHAPTER 3. Chapter 2: Designing Useful Custom Classes 4. Chapter 3: Proper Variable Usage 5. Chapter 4: Methods and Their Arguments 6. Chapter 5: Handling Errors 7. Chapter 6: Formatting Code for Easy Reading 8. Section 2: Ruby Library Programming Principles
9. Chapter 7: Designing Your Library 10. Chapter 8: Designing for Extensibility 11. Chapter 9: Metaprogramming and When to Use It 12. Chapter 10: Designing Useful Domain-Specific Languages 13. Chapter 11: Testing to Ensure Your Code Works 14. Chapter 12: Handling Change 15. Chapter 13: Using Common Design Patterns 16. Chapter 14: Optimizing Your Library 17. Section 3: Ruby Web Programming Principles
18. Chapter 15: The Database Is Key 19. Chapter 16: Web Application Design Principles 20. Chapter 17: Robust Web Application Security 21. Assessments 22. Other Books You May Enjoy

Performing access control at the highest level possible

Many security issues in Ruby web applications are due to missing authentication or authorization checks when processing a request. This is especially common in web frameworks that separate routing from request handling and use some type of conditional before hook for performing access control. Let's say you have a Rails controller that uses a before hook for access control:

class FooController < ApplicationController
  before_action :check_access
  def index
    # ...
  end
  def create
    # ...
  end
  # ...
  private def check_access
    # ...
  end
end

This is probably not likely to result in access control vulnerabilities since the access is checked for every action. However, let's say you set the before_action hook so that it's conditional, like so:

class FooController...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime