Ynon Perek

32 posts

Is This Code Safe?

A recent code example I found online got me thinking about how explicit our security procedures should be, or, in other words, that one should still follow security best practices even when the framework performs these checks automatically. Below you'll find the example and my reasoning. As always, I'd love to hear your opinion too.

The Code

This time we're dealing with Ruby, and the following snippet shows how to handle a file upload in Sinatra:

    post '/save_image' do
      @filename = params[:file][:filename]
      file = params[

Read more
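To make the post's point concrete, here is an added example (my code, not the post's, Sinatra's or Rack's) of what explicit checks on `params[:file][:filename]` look like before an upload touches disk, applied regardless of what the framework already sanitizes. The upload directory, the image-only extension list, the 5 MB cap and the route sketch in the trailing comment are assumptions made for this example.

```ruby
# Added example (not from the original post, Sinatra or Rack): explicit
# filename checks for an image-upload handler, applied regardless of what the
# framework already sanitizes. ALLOWED_EXT and the route sketch are assumptions.

class UploadRejected < StandardError; end

# Stored names must start with a letter or digit and use only this character
# set, so path separators, null bytes, leading dots (.htaccess) and shell
# metacharacters never reach the filesystem.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/

# Assumed policy for a /save_image endpoint: images only.
ALLOWED_EXT = %w[.png .jpg .jpeg .gif].freeze

# Validate the client-supplied filename. Rejects instead of "repairing": a
# name containing ../ or a null byte is an attack signal, not a typo.
def sanitize_filename(client_filename)
  raise UploadRejected, "missing filename" if client_filename.nil? || client_filename.empty?
  name = client_filename.dup.force_encoding("UTF-8")
  raise UploadRejected, "invalid encoding" unless name.valid_encoding?
  raise UploadRejected, "null byte in filename" if name.include?("\0")
  # Modern browsers send only the base name; a separator means a traversal attempt.
  raise UploadRejected, "path separator in filename" if name.match?(%r{[/\\]})
  raise UploadRejected, "disallowed characters in #{name.inspect}" unless name.match?(SAFE_NAME)
  raise UploadRejected, "disallowed extension" unless ALLOWED_EXT.include?(File.extname(name).downcase)
  name
end

# Second, independent check: resolve the final path and prove it is a direct
# child of upload_dir. Redundant with sanitize_filename on purpose.
def safe_upload_path(upload_dir, client_filename)
  name = sanitize_filename(client_filename)
  root = File.expand_path(upload_dir)
  path = File.expand_path(File.join(root, name))
  unless File.dirname(path) == root && File.basename(path) == name
    raise UploadRejected, "resolved outside upload directory"
  end
  path
end

# Write the upload. O_CREAT|O_EXCL refuses to overwrite an existing file and
# fails on a planted symlink at that path; the byte cap stops a client from
# filling the disk.
def save_upload(upload_dir, client_filename, io, max_bytes: 5 * 1024 * 1024)
  path = safe_upload_path(upload_dir, client_filename)
  written = 0
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    while (chunk = io.read(64 * 1024))
      written += chunk.bytesize
      raise UploadRejected, "upload larger than #{max_bytes} bytes" if written > max_bytes
      f.write(chunk)
    end
  end
  path
rescue UploadRejected
  # Only reached after our own checks failed; an Errno::EEXIST from O_EXCL is
  # left alone so an existing file is never deleted.
  File.delete(path) if path && File.file?(path)
  raise
end

# Sketch of a Sinatra handler using the helpers above (assumed route shape):
#   post '/save_image' do
#     upload = params[:file] or halt 400, "no file"
#     stored = save_upload(UPLOAD_DIR, upload[:filename], upload[:tempfile])
#     "saved #{File.basename(stored)}"
#   end
```

The two path checks deliberately overlap: if a future framework version, a proxy, or a refactor changes what reaches `params[:file][:filename]`, the handler still refuses anything that is not a plain image name landing directly inside the upload directory.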

React Form Handling

React doesn't provide a standard method to write forms, and that gap leaves many developers searching for ready-made solutions. The problem is that many of the existing solutions feel over-engineered or not flexible enough. I think the reason is that React apps (and developers) have different viewpoints, so it's not easy to create a single solution that fits all. Instead, it may be better to build your own form components, or even multiple sets of form components, to fit each part of the application. In this post

Read more

Using Nginx As A Simple URL Shortener

For a long time I used bit.ly (and tinyurl before that) to provide friends and students with short URLs. But that was not perfect: using bit.ly meant I lost branding control, and the URLs I wanted were not always available. Owning a domain and a VPS makes it trivial to build your own URL shortener. Here's how.

Shortening URLs with nginx

A URL shortener is just an HTTP server that responds with a 301 when known shortcuts are accessed. The following nginx configuration does

Read more

My Top 6 Common Weaknesses Every Programmer Should Know By Heart

Common Weakness Enumeration, or CWE for short, lists about 700 common mistakes developers make while writing code. Remembering, or even reading, the entire list can be a challenge. But there are some recurring ideas that, due to their massive potential impact, are important to know (and tell your friends) about.

Injections

The first is of course injection, which in its many forms has caused chaos throughout the industry. Not long ago the entire internet was vulnerable to CWE-89 (SQL Injection). Today CWE-79

Read more

Debugging A Broken Elixir Macro

Elixir has many unique features that make it interesting to learn. One of them is its ability to manipulate the AST before a program is started, known as macros. But macros can be misleading, as shown in the following snippet.

Broken List Length Macro

Consider the following macro that "calculates" a list length:

    defmacro broken_length(list) do
      val = length(list)
      quote do: unquote(val)
    end

An Elixir macro takes a quoted expression and returns a new quoted expression. Forgetting the input is also a

Read more