To those writing programming language benchmarks: Stop benchmarking rand(). You are hurting security by penalizing default CSPRNG use.
-
-
I'm OK with heavyweight frameworks that do lots for you. But I don't think it's right to blame security for a 1ms overhead. I'm not a security expert, tho, so maybe I am missing how bcrypt is supposed to be used. If so, I want to be corrected so I don't write insecure code!
-
I don't think we need to spend a lot of time discussing 1ms of overhead is my point. But there's a lot of security by default in Rails: CSRF protection, XSS protection, secure cookies, "strong parameters", various DoS mitigations, etc. It adds up.