security

Pundit provides simple, object-oriented authorization. Policies encapsulate authorization rules in plain Ruby classes. Each model gets a policy class defining who can perform actions. I use Pundit for fine-grained permissions—different users see diffe

Manage container images across registries including Docker Hub, AWS ECR, and GitHub Container Registry. Automate image tagging strategies, implement lifecycle policies for cleanup, scan for vulnerabilities with Trivy, and set up cross-region replicati

Password reset endpoints should reveal as little as possible about account existence. I return the same response for known and unknown emails, store only token digests, and invalidate tokens after first use. Small response details here prevent large i

CORS configs have a habit of getting more permissive over time until you’re basically allowing any origin. I keep an explicit allowlist and handle credentials carefully. If you allow cookies, you can’t use * as the origin. I also keep preflight respon

CORS (Cross-Origin Resource Sharing) controls which domains can access APIs. Browsers enforce same-origin policy by default. I configure allowed origins, methods, headers, and credentials. @CrossOrigin enables CORS per controller or method. Global con

Kubernetes RBAC (Role-Based Access Control) restricts cluster access by user, group, or service account. Roles define permissions within a single namespace using rules with apiGroups, resources, and verbs. ClusterRoles apply cluster-wide. RoleBindings

Cross-Origin Resource Sharing (CORS) allows browsers to make requests from React apps hosted on different domains than the Rails API. The rack-cors gem configures CORS middleware with fine-grained control over origins, methods, and headers. In develop

User content needs defense in depth: markdown rendering + sanitization + link attribute hygiene. Keep the allowed tags list explicit and test it. Don’t trust upstream renderers to be safe by default.

Even in API-heavy systems, I occasionally render HTML emails or a lightweight admin page. I always use html/template (not text/template) so content is escaped by default, which prevents accidental XSS when variables contain user input. I also keep tem

When receiving webhooks from external services, signature verification ensures the payload comes from the claimed sender and hasn't been tampered with. Services like Stripe and GitHub include an HMAC signature in headers computed from the request body

Security-relevant actions need durable, queryable audit trails. I log actor, action, target, request context, and result in a structured format that can feed SIEM pipelines directly. Good audit logs help with investigations and deterrence; vague logs

Large file uploads don’t belong on app servers. My default is: the server issues a short-lived pre-signed URL, the browser uploads directly to S3, then the server stores the object key. That keeps latency low and costs predictable. Before signing, I v