@yra40
yra40 / Dockerfile
Created July 31, 2018 22:43 — forked from ulrichard/Dockerfile
electron-cash in docker with hardware wallets
FROM debian:testing
#FROM ubuntu:yakkety
MAINTAINER Michal Belica <devel@beli.sk>
EXPOSE 10000
# runs as UID 1000 GID 1000 inside the container
ENV VERSION 3.0
RUN apt-get update \
@yra40
yra40 / side-channel.md
Created June 27, 2018 20:46 — forked from eapache/side-channel.md
GraphQL-Ruby Permissions Side-Channel

Major Caveat: Side-Channel Attacks

When used on object types, dynamic access checks can only be run after the parent field has already been resolved (otherwise there would be no object to pass into the block). Unfortunately, this opens the door for a number of side-channel attacks.

Consider for example the following simplified schema definition:

class QueryRoot < GraphApi::ObjectType