131: Start Securing Elixir and Phoenix
Thinking Elixir Podcast
00:00
Elixir LiveBook - Is That the Right Way?
There is a way to strip tags in Markdown that are inherently unsafe. A library called HTML sanitize X has a couple of templates of what HTML is allowed to be rendered and it'll stripped the rest of it out. We hope you'll join us next time on Thinking Elixir.
Transcript
Play full episode
Transcript
Episode notes
Securing our apps is our responsibility as developers. We are the custodians and the guardians of our user's data. We met up again with Michael Lubas to discuss some lesser known community security resources and helpful tips to get us started with securing our Elixir and Phoenix applications!
Show Notes online - http://podcast.thinkingelixir.com/131
Elixir Community News
- https://erlangforums.com/t/otp-25-2-released/2166 – Erlang/OTP 25.2 is the second maintenance patch package for OTP 25, with mostly bug fixes as well as improvements.
- https://twitter.com/livebookdev/status/1603787699458113539 – HuggingFace announced “spaces”, a feature that lets people run Docker images on HuggingFace.
- https://huggingface.co/spaces/livebook-dev/single_file_phx_bumblebee_ml – Elixir Phoenix was specifically shown as a Docker example on HuggingFace
- https://twitter.com/sean_moriarity/status/1602817446875992066 – Sean Moriarity added “negative prompts” feature to Nx's Stable Diffusion support.
- https://github.com/elixir-nx/bumblebee/pull/109 – PR adding "negative prompt" support
- https://twitter.com/miruoss/status/1604849993130676225 – Michael Ruoss has a new Kino plugin for working with kubernetes pods
- https://github.com/mruoss/kino_k8s_term – KinoK8sTerm
- https://twitter.com/livebookdev/status/1603391808209391617 – Livebook added two new neural network tasks to Bumblebee integration.
- https://twitter.com/hanrelan/status/1603470678081929216 – Customized Livebook Stable Diffusion shows intermediate steps when generating images.
- https://blog.ftes.de/elixir-dijkstras-algorithm-with-priority-queue-f6022d710877 – Fredrik Teschke wrote a blogpost using Livebook to visualize Dijkstra's algorithm for finding the shortest path between nodes in a graph.
- https://notes.club/ – Notesclub is a website by Hec Perez that makes it easy to share and discover Livebook notebooks online.
- https://twitter.com/louispilfold/status/1602740866602631170 – Louis Pilfold announced his last full day at Nomio. He is now working full time on Gleam.
- https://twitter.com/louispilfold/status/1600960290455113728 – Louis Pilfold shared that Bumblebee, Nx and Axon work in Gleam thanks to Gleam's new Elixir support.
- https://twitter.com/kipcole9/status/1604929772253229057 – Kip Cole has a library called Image. He added
Image.Classification.classify(image)using Bumblebee. - https://sessionize.com/code-beam-lite-stockholm-2023 – Code BEAM Lite Stockholm 2023, 12 May 2023, Stockholm, Sweden. Call for speakers is open until Feb 5th 2023.
Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com
Discussion Resources
- https://paraxial.io
- https://paraxial.io/blog/securing-elixir – Securing Elixir/Phoenix Applications - 5 Tips to Get Started
- https://paraxial.io/blog/xss-phoenix – Cross Site Scripting (XSS) Patterns in Phoenix
- https://podcast.thinkingelixir.com/93 – Previous interview with Michael
- https://www.youtube.com/watch?v=w3lKmFsmlvQ – ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application - Griffin Byatt
- https://felt.com/blog/rate-limiting – Rate Limiting Algorithms for Client-Facing Web Apps by Tyler Young
- https://github.com/podium/elixir-secure-coding – Elixir Secure Coding Training (ESCT) that runs in Livebook
- https://github.com/rrrene/html_sanitize_ex
- https://fly.io/phoenix-files/github-actions-for-elixir-ci/ – Blog post about Elixir CI/CD checks
- https://github.com/mirego/mix_audit – mix_audit
- https://hexdocs.pm/mix/Mix.Tasks.Deps.Unlock.html – mix hex.audit
- https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ – Erlang Ecosystem Foundation resource - Secure Coding and Deployment Hardening Guidelines
- https://github.com/slab/safeurl-elixir – SafeURL hex package by Slab
- https://slab.com/
Guest Information
- https://twitter.com/paraxialio – on Twitter
- https://github.com/paraxialio/ – on Github
- https://paraxial.io/ – Blog
- michael@paraxial.io
- https://genserver.social/paraxial – on Mastadon
Find us online
- Message the show - @ThinkingElixir
- Message the show on Mastadon - @ThinkingElixir@genserver.social
- Email the show - show@thinkingelixir.com
- Mark Ericksen - @brainlid
- Mark Ericksen on Mastadon - @brainlid@genserver.social
- David Bernheisel - @bernheisel
- David Bernheisel on Mastadon - @dbern@genserver.social
- Cade Ward - @cadebward
- Cade Ward on Mastadon - @cadebward@genserver.social
Sponsored By:
The AI-powered Podcast Player
Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
