authenticate_by: Prevent timing-based enumeration of users.
26-Apr-2024 588
With the introduction of authenticate_by in Rails 7.1, we can now prevent enumeration attacks based on response timesAn enumeration attack based on response times is what I showed above. An attacker will be able to test emails by brute force and will be able to tell when an email exists or not in our database by analyzing the response times of our web application or rather of the http request.A very simple example using the above code would give us response times like this:.
authenticate_by: Prevent timing-based enumeration of users. #ruby #rubydeveloper #rubyonrails #authenticate_by: #Prevent #timing-based #enumeration #users. https://rubyonrails.ba/link/authenticate_by-prevent-timing-based-enumeration-of-users