Abhishek14
Insecure use of binary_to_term
It is recommended not to use binary_to_term. what is the secure way to use it.
Most Liked
realcorvus
For those coming from google,
NOT SAFE: :erlang.binary_to_term(user_input, [:safe])
SAFE: Plug.Crypto.non_executable_binary_to_term(user_input, [:safe])
This is extremely important if your application passes user input to binary_to_term. The $425 million Equifax breach happened due to an Apache Struts web app that was vulnerable to RCE. Java is to Struts what Ruby is to Rails and Elixir is to Phoenix.
Article with some more details about how this happened in the paginator library: Elixir/Phoenix Security: Remote Code Execution and Serialisation
5
voltone
This may help: Serialisation and deserialisation | EEF Security WG
4
Popular in Discussions
Looking at the stacks that existing large companies have used, WhatsApp internally uses Mnesia to store the messages, while Discord uses ...
New
Hello,
I want to share a project I’ve been working on for a while:
https://github.com/almightycouch/gitgud
Background
Some time ago I ...
New
What learn first? Rust or Elixir
Hi Elixir community!
I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
Background
This question comes mainly from my ignorance. Today is Black Friday, one of my favorite days of the year to buy books. One boo...
New
https://nitter.net/josevalim/status/1744395345872683471
https://twitter.com/josevalim/status/1744395345872683471
New
Hey everone!
I created a prototype for my app using Nodejs for the api. But the framework I chose wasnt great (in general theresnt any g...
New
If a newbie asked you about Phoenix Contexts, how would you explain the basics to them?
Feel free to be as concise or in-depth as you li...
New
Hello everyone!
A few days ago I’ve created a topic here about how people were creating CMSs with Elixir and Phoenix. I’ve been studying...
New
In general I’ve been sticking to this community style guide GitHub - christopheradams/elixir_style_guide: A community driven style guide ...
New
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New
Other popular topics
Hi, this is for people who, like me, have had some friction using .html.heex templates in VSCode.
The solution seems to be, in a hyphena...
New
Hello!
tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability.
After spen...
New
After calling mix ecto.create I get this error:
17:00:32.162 [error] GenServer #PID<0.412.0> terminating
** (Postgrex.Error) FATAL...
New
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
Surface is an experimental library built on top of Phoenix LiveView and its new LiveComponent API that aims to provide a more declarative...
New
lets say i have a sample like
a = 20; b = 10;
if (a > b) do
{:ok, "a"}
end
if (a < b) do
{:ok, b}
end
if (a == b) do
{:ok, "equa...
New
Using vs code and installed ElixirLS: support and debugger.
And I got an error popped up on start up says
Failed to run ‘elixir’ comma...
New
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine)
This is a plugin that adds support for Elixir to JetBrains IntelliJ...
New
Update:
How to use the Blogs & Podcasts section
You can post links to your blog posts or podcasts either in one of the Official Blog...
New
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








