You're reading from Polished Ruby Programming Build better software with more intuitive, maintainable, scalable, and high-performance Ruby code

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801072724

Length 434 pages

Edition 1st Edition

Languages

Ruby

Concepts

Programming Language

Author (1):

Jeremy Evans

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Fundamental Ruby Programming Principles

2. Chapter 1: Getting the Most out of Core Classes FREE CHAPTER

3. Chapter 2: Designing Useful Custom Classes

4. Chapter 3: Proper Variable Usage

5. Chapter 4: Methods and Their Arguments

6. Chapter 5: Handling Errors

7. Chapter 6: Formatting Code for Easy Reading

8. Section 2: Ruby Library Programming Principles

9. Chapter 7: Designing Your Library

10. Chapter 8: Designing for Extensibility

11. Chapter 9: Metaprogramming and When to Use It

12. Chapter 10: Designing Useful Domain-Specific Languages

13. Chapter 11: Testing to Ensure Your Code Works

14. Chapter 12: Handling Change

15. Chapter 13: Using Common Design Patterns

16. Chapter 14: Optimizing Your Library

17. Section 3: Ruby Web Programming Principles

18. Chapter 15: The Database Is Key

19. Chapter 16: Web Application Design Principles

20. Chapter 17: Robust Web Application Security

21. Assessments

22. Other Books You May Enjoy

Performing access control at the highest level possible

Many security issues in Ruby web applications are due to missing authentication or authorization checks when processing a request. This is especially common in web frameworks that separate routing from request handling and use some type of conditional before hook for performing access control. Let's say you have a Rails controller that uses a before hook for access control:

class FooController < ApplicationController
  before_action :check_access
  def index
    # ...
  end
  def create
    # ...
  end
  # ...
  private def check_access
    # ...
  end
end

This is probably not likely to result in access control vulnerabilities since the access is checked for every action. However, let's say you set the before_action hook so that it's conditional, like so: