Generating special tokens that are unique, tamper proof and that can store information like the purpose of the token and the token's expiry can be very useful in certain scenarios. You can create a unique token for specific purposes like email_verification or password_reset, attach them to your application URL endpoint and send it to the user via email. Up until now, you might have used the ActiveRecord::SignedId API that allows you to create expirable tokens. And you can query ActiveRecord to find the record using the signed id. Consider a scenario where we want to send a

If you're hosting your web server in a particular region, it might be necessary to comply with the GDPR norms of that region. Anonymizing and encrypting data becomes necessary in such situations. In this blog, we will discuss the attribute encryption that Rails 7 provides right out of the box. And we will also see the Deterministic & Non Deterministic approaches. (If you're using Rails version lesser than 7, check out our previous blog here on how to write a custom encryption framework.) ActiveRecord attribute encryption in Ruby on Rails for better securityIn this blog post, we will explore a

The web is a weird place. You go to sleep thinking that you have a perfectly functional web application and the next day when you wake up, you might find yourself staring at a sudden huge spike in the number of requests. Either your app got popular overnight or you were just a victim of a DOS attack trying to bring your app server down. Usually, it's the latter. There are some popular gems like rack-attack and rack-throttle which work quite well and provides a lot of flexibility. But if you're looking to write your custom logic with minimum dependencies,