You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I don't know how the other enforcers work, but given the likelihood of users tampering with input and the relative infrequency of change to this library, it may be worth having this logic fail closed to block the request. (Also dependent upon SLAs, etc.) If it should be up to the user, that may be an option as well.
How do the other enforcers work?
Also, because this is such a severe error (bypassing request scoring/blocking due to an unexpected error), it may be worth logging a queryable string in addition to the error message.
The text was updated successfully, but these errors were encountered:
FYI, it looks like the Ruby enforcer will fail open (allow traffic through) in the case of an error with the library, here: https://github.com/goatapp/perimeterx-ruby-sdk/blob/209e1f757d41af744c4d5b41a7ad5a3fe55d9e2e/lib/perimeter_x.rb#L126-L126
I don't know how the other enforcers work, but given the likelihood of users tampering with input and the relative infrequency of change to this library, it may be worth having this logic fail closed to block the request. (Also dependent upon SLAs, etc.) If it should be up to the user, that may be an option as well.
How do the other enforcers work?
Also, because this is such a severe error (bypassing request scoring/blocking due to an unexpected error), it may be worth logging a queryable string in addition to the error message.
The text was updated successfully, but these errors were encountered: