Rails 7.1 adds authenticate_by with has_secure_password

Rails 7.1 introduces a method, authenticate_by, used with has_secure_password to prevent timing-based user enumeration attacks. Say you enter a username and password on a website, and after one to two seconds it returns the message "The entered credentials are invalid". You then try a different username and password, and the website responds within microseconds with the same message: "The entered credentials are invalid". You don't see any enumeration vulnerability here, do you? The website doesn't reveal whether or not the user exists. But did you know an attacker can still figure that out? The difference in response time gives it away: the slow response means a stored password hash was actually checked, while the fast one means the lookup found no such user and skipped that work.
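As an added illustration (not code from the original post or from Rails itself), here is a plain-Ruby model of the two lookup paths, using PBKDF2 from the standard library in place of bcrypt so it runs without Rails: the naive version skips the hash when the user is missing, while the hardened version verifies against a dummy digest, which is the approach Rails 7.1's authenticate_by takes. The user table, salt and credentials are constructed for the example.

```ruby
require "openssl"
require "securerandom"

# Stand-in for has_secure_password: PBKDF2-HMAC-SHA256 instead of bcrypt so
# this runs without the bcrypt gem. The property shown is the same one
# authenticate_by provides: a lookup miss must cost as much as a lookup hit.
ITERATIONS = 20_000
HASH_CALLS = Hash.new(0) # counts expensive digest work, used by the checks below

def password_digest(password, salt)
  HASH_CALLS[:digest] += 1
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                           length: 32, hash: "sha256")
end

User = Struct.new(:email, :salt, :digest) do
  # Mirrors has_secure_password#authenticate: returns self or false.
  def authenticate(password)
    candidate = password_digest(password, salt)
    OpenSSL.fixed_length_secure_compare(candidate, digest) ? self : false
  end
end

# Constructed sample "table" with one account (salt and digest generated here).
SALT = SecureRandom.random_bytes(16)
USERS = {
  "alice@example.com" => User.new("alice@example.com", SALT,
                                  password_digest("correct horse", SALT))
}

# The pre-7.1 pattern that authenticate_by replaces: find, then verify only on
# a hit. An unknown email returns before any hashing, so it answers faster.
def naive_authenticate(email, password)
  user = USERS[email]
  (user && user.authenticate(password)) || nil
end

# Dummy credential: the miss path verifies the password against it so both
# paths do the same digest work. Its result is always discarded.
DUMMY_USER = User.new(nil, SALT, password_digest("dummy", SALT))

# Equivalent of User.authenticate_by(email: email, password: password) in
# Rails 7.1: same hashing cost whether or not the email exists.
def constant_cost_authenticate(email, password)
  user = USERS[email]
  return user.authenticate(password) || nil if user

  DUMMY_USER.authenticate(password) # burns the same hashing cost as a hit
  nil
end
```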

Nezir Zahirovic

Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)
