From 57846cb91ad5f2615c96a288a4ecb662cad90a12 Mon Sep 17 00:00:00 2001 From: Ben Kircher Date: Wed, 14 Aug 2024 13:26:01 +0200 Subject: [PATCH] Minor improvements to guides (#5896) * Fix spelling of Node.js in asset management guide * Fix typo in mix phx.gen.auth guide --- guides/asset_management.md | 2 +- guides/authentication/mix_phx_gen_auth.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guides/asset_management.md b/guides/asset_management.md index 0533bac024..b789ee1774 100644 --- a/guides/asset_management.md +++ b/guides/asset_management.md @@ -76,7 +76,7 @@ If you need to reference other directories, you need to update the arguments abo Phoenix's default configuration of `esbuild` (via the Elixir wrapper) does not allow you to use [esbuild plugins](https://esbuild.github.io/plugins/). If you want to use an esbuild plugin, for example to compile SASS files to CSS, you can replace the default build system with a custom build script. -The following is an example of a custom build using esbuild via Node.JS. First of all, you'll need to install Node.js in development and make it available for your production build step. +The following is an example of a custom build using esbuild via Node.js. First of all, you'll need to install Node.js in development and make it available for your production build step. Then you'll need to add `esbuild` to your Node.js packages and the Phoenix packages. Inside the `assets` directory, run: diff --git a/guides/authentication/mix_phx_gen_auth.md b/guides/authentication/mix_phx_gen_auth.md index a5776f39ae..952cca8d16 100644 --- a/guides/authentication/mix_phx_gen_auth.md +++ b/guides/authentication/mix_phx_gen_auth.md @@ -94,7 +94,7 @@ Note that whenever the password changes (either via reset password or directly), ### User Enumeration attacks -A user enumeration attack allows someone to check if an email is registered in the application. The generated authentication code does not attempt to protect from such checks. For instance, when you register an account, if the email is already registered, the code will notify the user the email is already registered. +A user enumeration attack allows someone to check if an email is registered in the application. The generated authentication code does not attempt to protect from such attacks. For instance, when you register an account, if the email is already registered, the code will notify the user the email is already registered. If your application is sensitive to enumeration attacks, you need to implement your own workflows, which tends to be very different from most applications, as you need to carefully balance security and user experience.