DigiNews

Tech Watch by Johan Denoyer


Protecting rubygems.org from the outside in: DoS prevention and compromised passwords

Quality: 8/10 Relevance: 9/10

Summary

RubyGems.org introduced two security improvements: AST-based validation of gem metadata, which replaces the risky YAML deserialization previously performed on pushed gems, and an integration with Have I Been Pwned that blocks login attempts using known-compromised passwords, queried via the k-anonymity range lookup so the password itself is never disclosed. Together these changes reduce the risk of supply-chain attacks and credential stuffing while preserving user privacy.

🚀 Service built by Johan Denoyer