Elixir Blog Posts

How do you efficiently search through millions of names in Postgres and Ecto? This blog post dives into Postgres’ ILIKE and SIMILARITY operators and their important caveats.

Also included: The most in-depth explanation of how Postgres calculates the SIMILARITY score ever!

1 Like

Enjoyed reading it!

Regarding:

SET pg_trgm.similarity_threshold = 0.3;

Sadly, at the time of writing, we were not able to find a solution that allows us to configure this threshold for an Ecto.Repo (tips are more than welcome).

You could do:

query_args = ["SET pg_trgm.similarity_threshold = 0.3", []]

config :my_app, MyApp.Repo,
  username: "postgres",
  password: "postgres",
  database: "demo_dev",
  hostname: "localhost",
  pool_size: 10,
  after_connect: {Postgrex, :query!, query_args}

The above is an adjusted excerpt from the ebook “The Little Ecto Cookbook” by Dashbit, where they showed how to set a particular schema for a repo.

4 Likes

Thank you! Oh that’s so cool! I’ll update the blog post tomorrow! thanks so much! :slight_smile:

We’ve published a new article, “Oban Starts Where Tasks End,” to answer the question, “why do we need background jobs when we have tasks?”

6 Likes

This article will focus on two intertwined languages: Elixir and Erlang.

1 Like

Cross Site Scripting (XSS) Patterns in Phoenix

If you’ve ever been involved with a pentest on an Elixir application, you know someone calling “raw/1” directly on user input is rare, along with bypassing the view/template/render pattern to render HTML. The author of Sobelow, Griffin Byatt, mentions this in his ElixirConf talk, ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application It’s a fantastic talk, he gives the example of file upload leading to XSS. I close out this blog post with that example, and hope you find it useful in ensuring the security of your own apps.

1 Like

Thanks for the helpful information. I will be putting this to use.

1 Like

Nice find and while you are at it there is also @moduletag which allows you to do the same but at the module level. I use this tagging to segment my unit tests from their integration and system tests siblings.

1 Like

Nice series. Is this something you could also leverage for Facebook Workplace?

This epic article of 4500 words covers everything there is to know about efficient full-text search with Postgres and Ecto. It explains how Postgres’ full-text search works and how you can use indexes to speed up your search. It also covers search modifiers, query testing, extracting headlines, and so much more!

11 Likes

I fell off the writing wagon a couple years ago, after my first child was born, but I’m trying to hop back on! Here’s a rundown of a method I’ve been using to handle combinatorial explosions of query parameters in my Phoenix applications.

In this blog post, I share how to create a reproducible development environment for Elixir with Nix. Let me know what you think :slight_smile:

2 Likes

Today’s article explains how to simulate a bad internet connection when developing locally by adding latency, jitter, and package loss to your connection. It’s crucial to test your app under these circumstances before deploying it. Otherwise, especially users on a mobile connection will have a bad UX when using your site.

4 Likes

Securing Elixir/Phoenix Applications: 5 Tips to Get Started

Hey everyone, this article consists of five recommendations:

  1. Read the EEF’s Secure Coding and Deployment Hardening Guidelines
  2. Use Sobelow for static analysis
  3. Check for vulnerable dependencies with MixAudit
  4. Harden your application against bot attacks (I don’t recommend reCaptcha)
  5. Use the SafeURL library to stop SSRF attacks

Hope it’s useful in your work!

2 Likes

How to serve the webfinger protocol using phoenix:

5 Likes

Learn how to build a Roles and Permissions (RAP) system for Phoenix! Not all your users should have access to all your data. A RAP helps you to set up user groups and control which data they can access through permissions.

3 Likes

Thanks for the post, Peter!

It was very timely for me, as I’ve been working on an authorization library over the last few days and took this as an opportunity to integrate it with your RAP example. I wrote up some thoughts and added the modified modules in a gist. It was a great opportunity to see how the auth library I’m working on might integrate with the permissions architecture you presented. Would love to hear your (or anyone else’s) feedback, if you find time to take a look.

Looking forward to part 2!

1 Like

This is so cool!!! Amazing work! :blush: Do you have a thread here where we could discuss this? I have a few thoughts :muscle:

Thank you so much for saying so! And yes, I posted a feedback thread here.

Elixir/Phoenix Security: Introduction to Cross Site Request Forgery (CSRF)

This post covers how a CSRF attack works, and the defaults Phoenix gives you to discourage writing vulnerable code.