Elixir Blog Posts

PJUllrich · October 16, 2022, 3:32pm

How do you efficiently search through millions of names in Postgres and Ecto? This blog post dives into Postgres’ ILIKE and SIMILARITY operators and their important caveats.

Also included: The most in-depth explanation of how Postgres calculates the SIMILARITY score ever!

mgibowski · October 16, 2022, 5:20pm

Enjoyed reading it!

Regarding:

SET pg_trgm.similarity_threshold = 0.3;

Sadly, at the time of writing, we were not able to find a solution that allows us to configure this threshold for an Ecto.Repo (tips are more than welcome).

You could do:

query_args = ["SET pg_trgm.similarity_threshold = 0.3", []]

config :my_app, MyApp.Repo,
  username: "postgres",
  password: "postgres",
  database: "demo_dev",
  hostname: "localhost",
  pool_size: 10,
  after_connect: {Postgrex, :query!, query_args}

The above is an adjusted excerpt from the ebook “The Little Ecto Cookbook” by Dashbit, where they showed how to set a particular schema for a repo.

PJUllrich · October 16, 2022, 11:03pm

Thank you! Oh that’s so cool! I’ll update the blog post tomorrow! thanks so much!

sorentwo · October 20, 2022, 4:42pm

We’ve published a new article, “Oban Starts Where Tasks End,” to answer the question, “why do we need background jobs when we have tasks?”

renatacuriosum · October 24, 2022, 10:28am

This article will focus on two intertwined languages: Elixir and Erlang.

realcorvus · October 25, 2022, 1:54pm

Cross Site Scripting (XSS) Patterns in Phoenix

If you’ve ever been involved with a pentest on an Elixir application, you know someone calling “raw/1” directly on user input is rare, along with bypassing the view/template/render pattern to render HTML. The author of Sobelow, Griffin Byatt, mentions this in his ElixirConf talk, ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application It’s a fantastic talk, he gives the example of file upload leading to XSS. I close out this blog post with that example, and hope you find it useful in ensuring the security of your own apps.

ragamuf · November 1, 2022, 1:02am

Thanks for the helpful information. I will be putting this to use.

ragamuf · November 1, 2022, 1:07am

Nice find and while you are at it there is also @moduletag which allows you to do the same but at the module level. I use this tagging to segment my unit tests from their integration and system tests siblings.

ragamuf · November 1, 2022, 1:10am

Nice series. Is this something you could also leverage for Facebook Workplace?

PJUllrich · November 6, 2022, 5:54pm

This epic article of 4500 words covers everything there is to know about efficient full-text search with Postgres and Ecto. It explains how Postgres’ full-text search works and how you can use indexes to speed up your search. It also covers search modifiers, query testing, extracting headlines, and so much more!

petecorey · November 9, 2022, 9:57pm

I fell off the writing wagon a couple years ago, after my first child was born, but I’m trying to hop back on! Here’s a rundown of a method I’ve been using to handle combinatorial explosions of query parameters in my Phoenix applications.

dmarcoux · November 10, 2022, 8:54am

In this blog post, I share how to create a reproducible development environment for Elixir with Nix. Let me know what you think

PJUllrich · November 13, 2022, 7:12pm

Today’s article explains how to simulate a bad internet connection when developing locally by adding latency, jitter, and package loss to your connection. It’s crucial to test your app under these circumstances before deploying it. Otherwise, especially users on a mobile connection will have a bad UX when using your site.

realcorvus · November 16, 2022, 9:02pm

Securing Elixir/Phoenix Applications: 5 Tips to Get Started

Hey everyone, this article consists of five recommendations:

Read the EEF’s Secure Coding and Deployment Hardening Guidelines
Use Sobelow for static analysis
Check for vulnerable dependencies with MixAudit
Harden your application against bot attacks (I don’t recommend reCaptcha)
Use the SafeURL library to stop SSRF attacks

Hope it’s useful in your work!

LostKobrakai · November 23, 2022, 12:48pm

How to serve the webfinger protocol using phoenix:

PJUllrich · December 4, 2022, 12:32pm

Learn how to build a Roles and Permissions (RAP) system for Phoenix! Not all your users should have access to all your data. A RAP helps you to set up user groups and control which data they can access through permissions.

zachallaun · December 4, 2022, 5:46pm

Thanks for the post, Peter!

It was very timely for me, as I’ve been working on an authorization library over the last few days and took this as an opportunity to integrate it with your RAP example. I wrote up some thoughts and added the modified modules in a gist. It was a great opportunity to see how the auth library I’m working on might integrate with the permissions architecture you presented. Would love to hear your (or anyone else’s) feedback, if you find time to take a look.

Looking forward to part 2!

PJUllrich · December 4, 2022, 9:37pm

This is so cool!!! Amazing work! Do you have a thread here where we could discuss this? I have a few thoughts

zachallaun · December 4, 2022, 9:49pm

Thank you so much for saying so! And yes, I posted a feedback thread here.

realcorvus · December 5, 2022, 9:11pm

Elixir/Phoenix Security: Introduction to Cross Site Request Forgery (CSRF)

This post covers how a CSRF attack works, and the defaults Phoenix gives you to discourage writing vulnerable code.