Posts by Leonardo Tegon

Incorrect Access Control in Simple Form (CVE-2019-16676)

Simple Form version 5.0 was released today with a fix for a security issue that could allow an attacker to execute methods on form objects. The issue is explained in detail below.

Improve confirmation token validation in Devise (CVE-2019-16109)

Devise version 4.7.1 was released with a fix for an edge case that could confirm accounts by mistake. We’ll now explain in detail what the issue is, how it was fixed, and which actions you might want to take in your applications. Description We received a security report saying that it was possible to confirm … »

Custom authentication methods with Devise

In the past, we have been asked to include other authentication methods in Devise (e.g. token-based and magic email links). Although it might make sense to include those for some applications, there is no plan to support them in Devise. But don’t be upset, it turns out you might not need to override Devise’s SessionsController … »

Indexes for JSONB in Postgres

Postgres offers the option of storing data as JSON, which can be very useful, especially when there is a lot of uncertainty about the business requirements that would otherwise guide the table design. The flexibility of being able to store data without worrying about the table structure looks attractive, but what is the impact of that … »