Rails Against the Machine | Rubyconf MY 2018

Rails Against the Machine Brittany Martin Rubyconf MY 2018 @brittjmartin

Lead Web Developer @ Pittsburgh Cultural Trust ARTS E- COMMERCE
TEN BRANDED PATHS FESTIVAL GUIDES ALL LOVINGLY BUILT WITH RUBY @brittjmartin

HOSTING EMAIL PROVIDER E-COMMERCE CALL CENTER VISUAL ARTS My experience.
@brittjmartin

Norma Skates @ Little Steel Derby Girls @brittjmartin

Host of the 5 by 5 Ruby on Rails Podcast
@brittjmartin

An ideal world. @brittjmartin

In reality. @brittjmartin

Gaming the site. Milking the system. Bending the rules. @brittjmartin

Bad users. @brittjmartin

Manipulation vs. Security. Photo Credit: Moz @brittjmartin

Misbehaving. @brittjmartin

Photo Credit: NFL @brittjmartin

Identify. Photo Credit: Disney @brittjmartin

PERSONAS Ask questions. CUSTOMER SUPPORT LOGS @brittjmartin

“Bad user” examples. @brittjmartin Photo Credit: Dizinga

Photo Credit: Tone Deaf Ticket resellers. @brittjmartin

An American musical. $10.5m. 30 shows. @brittjmartin

Serial returners. @brittjmartin

@brittjmartin Upvote Rings

Profit loss. Lost relationships. Inflation. @brittjmartin

Strategy. @brittjmartin

Choice 2: Quietly degrade. Choice 1: Kick them out. @brittjmartin

Subtlety is key. @brittjmartin

Automation. @brittjmartin

Our tool belt. @brittjmartin

@brittjmartin

@brittjmartin Photo Credit: Choice

@brittjmartin

Define a model. @brittjmartin

class Reseller SAFE_STATES = %w(PA OH WV) RESELLER_CONSTITUENCY = 0
def reseller_tri_state_check(session_key) state = Address.find_billing_address(session_key).state !SAFE_STATES.include?(state) end def reseller_constituency_check(session_key, id) Rails.cache.fetch("reseller_#{session_key}", expires_in: 30.minutes) do response = TessituraRest.new.get_constituencies(id) constituency = response.map{|c| c['ConstituencyType']['Id']} constituency.include? RESELLER_CONSTITUENCY end end end

Mark them. @brittjmartin

def authenticate_the_user authenticate_credentials do |result| result.success { remember_current_user reseller_cookie register_new_reseller
head :ok } result.fail { error_message = 'The username or password entered is invalid. Please try again.' head :bad_request, :ErrorMsg => error_message } end end

Offload. @brittjmartin

class CatchNewResellerWorker include Sidekiq::Worker RESELLER_CONSTITUENCY = 223 def perform(hash) id
= hash[‘id’] response = TessituraRest.new.create_constituencies(RESELLER_CONSTITUENCY, id) ResellerAlertWorker.perform_async(id: id) end end

class ResellerAlertWorker include Sidekiq::Worker def perform(hash={}) notification = { 'username':
'resellerbot', 'icon_emoji': ':skull:', 'fields': [ { 'title': 'Id', 'value': "#{hash['id']}" }, { 'title': 'Alert', 'value': 'Another reseller has been located and tagged!' } ] } RESELLER.ping notification end end slack- notifier.

Cache the check. @brittjmartin

Who’s there? @brittjmartin

Logged in. @brittjmartin

Entice them. @brittjmartin

Anonymous. @brittjmartin

C is for cookie. @brittjmartin

@brittjmartin Execute.

@brittjmartin What can we take away?

Select your own seat. @brittjmartin

@brittjmartin Print at home.

@brittjmartin Exchanges.

@brittjmartin Degrading the experience.

@brittjmartin

Web application firewall. @brittjmartin WAF.

Block, allow, count. Join & reuse. Rules. @brittjmartin

@brittjmartin

GuardDuty. @brittjmartin

@brittjmartin

@brittjmartin Remember.

Logo Credit: Mortal Kombat @brittjmartin

Photo Credit: Pittsburgh Cultural Trust @brittjmartin

Twitter: @brittjmartin Github: @wonderwoman13 Podcast: http://5by5.tv/rubyonrails

Rails Against the Machine | Rubyconf MY 2018

Rails Against the Machine | Rubyconf MY 2018

More Decks by Brittany Martin

Other Decks in Technology

Featured

Transcript