All tags / #security

#security

3 posts

One Authenticator, Three Doors: Sessions, Tokens, and JWTs in Wheels 4

Peter Amiri

Wheels 4 ships session, API-token, and JWT authentication as pluggable strategies behind one Authenticator registry. Wiring up all three doors — with the sharp edges: private filters, dynamic finders, the 32-byte JWT secret minimum, and the inline-closure constructor that crashes Adobe ColdFusion.

Skip the Plugin: Building a Rate-Limited API in Wheels 4.0

Peter Amiri

Wheels 4.0 ships a real middleware pipeline, and three of the things you used to reach for a plugin to add — rate limiting, CORS, and security headers — are built in. This post walks through wiring a JSON API with per-API-key rate limits, sane proxy handling, and the right ordering so you do not accidentally weaken the very headers you were trying to add.

Security Hardening in Wheels 4.0

Peter Amiri

Wheels 4.0 shipped more than forty security-hardening pull requests across eight categories — SQL, path handling, session integrity, CORS, rate limiting, auth and dev surfaces, CLI and MCP, and view helpers. The common thread is a shift in posture: the framework's defaults are now safe first, convenient second.

Newsletter

Release notes and new posts, once a month. No spam.

Prefer RSS? Subscribe to the feed →