Authentication is at the heart of most web development, yet it is difficult to get right. In this article, Diogo Souza discusses common security problems with authentication systems and how you can resolve them. Even if you never build an authentication system from scratch (you shouldn't), understanding these security concerns will help you make sure whatever authentication system you use is doing its job.
Logging is tricky. You want logs to include enough detail to be useful, but not so much that you're drowning in noise - or violating regulations like GDPR. In this article, Diogo Souza introduces us to Ruby's logging system and the LogRage gem. He shows us how to create custom logs, output the logs in formats like JSON, and reduce the verbosity of default Rails logs.
Some devs use JavaScript in the browser; some use JavaScript on the server. What if you do both?
For quick, scalable, highly-available web services, few options compare to AWS Lambda. Just provide your code, add a little configuration, and you're done! In this article, Milap Neupane will introduce us to Lambda, show us how to get it working with Ruby and the Serverless Framework, and discuss reasons to use — or to not use! — Lambda in production.
Every Rails app has a breaking point; a level of activity that it simply cannot handle. Your braking point depends on big architectural decisions, yes — and also on the tiniest changes committed by your most junior developer. That's why it's vital to regularly test your application's performance under load. In this article, Milap Neupane gives us a Rails-centric introduction to load testing with a powerful open-source tool called JMeter.
When you're deciding on a technology to use for your project, it helps to have a broad understanding of your options. You may be tempted to build a web service in Go for performance reasons - but what would that code actually look like? How would it compare to languages like Ruby or JS? In this article, Ayooluwa Isaiah gives us a guided tour through the building blocks of go web services so you'll be well-informed.
Few things are scarier than a database slowly losing integrity over weeks or years. For a while, nobody notices anything. Then users start reporting bugs, yet you can't find any code that's broken. By the time you realize the problem, it may be happening for so long that your backups are unusable. We can avoid problems like these with skillful use of transactions.
Few things are more frustrating than slow, flaky test suites. You're ready to deploy, wait 20 minutes for CI to run, only to find that a test failure in code you've never touched is blocking you. You dig into the source and find the problem: an external API call. It works (slowly) most of the time. But sometimes the network glitches and it fails. What do you do? In this article, José Manuel shows us several techniques for removing external API dependencies from our tests.
Links are so fundamental to web development that they're almost invisible. When we link to a third-party page, we hardly ever consider how it could become an opportunity to exploit our users. In this article, Julien Cretel introduces us to three techniques that bad actors can use to target our users and discusses how to avoid them.
Text encoding is fundamental to programming. Web sites, user data, and even the code we write are all text. When encoding breaks, it can feel like the floor is falling out from under you. You're cast into a dimension of bitmasks and codepoints. Logs and backtraces are useless. You consider trading your text editor for a hex editor. But there's hope! In this article, Jose Manuél will show us how encoding errors happen, how they're expressed in Ruby, and how to troubleshoot them.
