131: Start Securing Elixir and Phoenix
Thinking Elixir Podcast
00:00
The Safe URL Library to Stop SSRF Attacks
The engineers at SLAB released an open source library in Elixir, which was very exciting for me to see. Called Safe URL, it looks at the user input and determines if it's malicious. So they use it at SLAB, I believe, it would make sense. And they have to deal with untrusted user input. It's very nice that they've open sourced it and the whole community can really benefit from this.
Transcript
Play full episode
Transcript
Episode notes
Securing our apps is our responsibility as developers. We are the custodians and the guardians of our user's data. We met up again with Michael Lubas to discuss some lesser known community security resources and helpful tips to get us started with securing our Elixir and Phoenix applications!
Show Notes online - http://podcast.thinkingelixir.com/131
Elixir Community News
- https://erlangforums.com/t/otp-25-2-released/2166 – Erlang/OTP 25.2 is the second maintenance patch package for OTP 25, with mostly bug fixes as well as improvements.
- https://twitter.com/livebookdev/status/1603787699458113539 – HuggingFace announced “spaces”, a feature that lets people run Docker images on HuggingFace.
- https://huggingface.co/spaces/livebook-dev/single_file_phx_bumblebee_ml – Elixir Phoenix was specifically shown as a Docker example on HuggingFace
- https://twitter.com/sean_moriarity/status/1602817446875992066 – Sean Moriarity added “negative prompts” feature to Nx's Stable Diffusion support.
- https://github.com/elixir-nx/bumblebee/pull/109 – PR adding "negative prompt" support
- https://twitter.com/miruoss/status/1604849993130676225 – Michael Ruoss has a new Kino plugin for working with kubernetes pods
- https://github.com/mruoss/kino_k8s_term – KinoK8sTerm
- https://twitter.com/livebookdev/status/1603391808209391617 – Livebook added two new neural network tasks to Bumblebee integration.
- https://twitter.com/hanrelan/status/1603470678081929216 – Customized Livebook Stable Diffusion shows intermediate steps when generating images.
- https://blog.ftes.de/elixir-dijkstras-algorithm-with-priority-queue-f6022d710877 – Fredrik Teschke wrote a blogpost using Livebook to visualize Dijkstra's algorithm for finding the shortest path between nodes in a graph.
- https://notes.club/ – Notesclub is a website by Hec Perez that makes it easy to share and discover Livebook notebooks online.
- https://twitter.com/louispilfold/status/1602740866602631170 – Louis Pilfold announced his last full day at Nomio. He is now working full time on Gleam.
- https://twitter.com/louispilfold/status/1600960290455113728 – Louis Pilfold shared that Bumblebee, Nx and Axon work in Gleam thanks to Gleam's new Elixir support.
- https://twitter.com/kipcole9/status/1604929772253229057 – Kip Cole has a library called Image. He added
Image.Classification.classify(image)using Bumblebee. - https://sessionize.com/code-beam-lite-stockholm-2023 – Code BEAM Lite Stockholm 2023, 12 May 2023, Stockholm, Sweden. Call for speakers is open until Feb 5th 2023.
Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com
Discussion Resources
- https://paraxial.io
- https://paraxial.io/blog/securing-elixir – Securing Elixir/Phoenix Applications - 5 Tips to Get Started
- https://paraxial.io/blog/xss-phoenix – Cross Site Scripting (XSS) Patterns in Phoenix
- https://podcast.thinkingelixir.com/93 – Previous interview with Michael
- https://www.youtube.com/watch?v=w3lKmFsmlvQ – ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application - Griffin Byatt
- https://felt.com/blog/rate-limiting – Rate Limiting Algorithms for Client-Facing Web Apps by Tyler Young
- https://github.com/podium/elixir-secure-coding – Elixir Secure Coding Training (ESCT) that runs in Livebook
- https://github.com/rrrene/html_sanitize_ex
- https://fly.io/phoenix-files/github-actions-for-elixir-ci/ – Blog post about Elixir CI/CD checks
- https://github.com/mirego/mix_audit – mix_audit
- https://hexdocs.pm/mix/Mix.Tasks.Deps.Unlock.html – mix hex.audit
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ – Erlang Ecosystem Foundation resource - Secure Coding and Deployment Hardening Guidelines
- https://github.com/slab/safeurl-elixir – SafeURL hex package by Slab
- https://slab.com/
Guest Information
- https://twitter.com/paraxialio – on Twitter
- https://github.com/paraxialio/ – on Github
- https://paraxial.io/ – Blog
- michael@paraxial.io
- https://genserver.social/paraxial – on Mastadon
Find us online
- Message the show - @ThinkingElixir
- Message the show on Mastadon - @ThinkingElixir@genserver.social
- Email the show - show@thinkingelixir.com
- Mark Ericksen - @brainlid
- Mark Ericksen on Mastadon - @brainlid@genserver.social
- David Bernheisel - @bernheisel
- David Bernheisel on Mastadon - @dbern@genserver.social
- Cade Ward - @cadebward
- Cade Ward on Mastadon - @cadebward@genserver.social
Sponsored By:
The AI-powered Podcast Player
Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
