Complete Rust Security Handbook – free 10-chapter guide🔒

Hi folks :waving_hand:

I’ve just pushed an early draft of The Complete Rust Security Handbook.
Right now it’s a single Markdown file rendered by GitHub Pages - no fancy mdBook
UI yet, just raw content.

What’s inside

  • type-level safety patterns
  • panic-proof error handling
  • integer-overflow guards
  • cryptography & secret handling basics
  • async / smart-contract pitfalls
  • a deployment-time security checklist

I’d love your feedback

  • spots where the code or explanations are wrong / unclear
  • suggestions for additional real-world examples or references
  • typos, style nits, better naming - anything that helps tighten it up

Reply here or open an issue/PR in the repo - whatever’s easiest.
Thanks for giving it a look, and I hope it’s useful.

1 Like

A quite thin book with short chapters :slight_smile:

For your first example advertising the Newtype pattern:

fn transfer(from: UserId, to: UserId, amount: TokenAmount) -> Result<(), Error> {
    // Now it's physically impossible to swap parameters!
}

The problem is still that the first two arguments could be exchanged, transferring the money in the wrong direction. Some other languages have named parameters, so that we would have to call the function as transfer(from: User1, to: User2, amount: the_money);

I will bookmark your post, and perhaps read it in winter, thanks.

[EDIT]

Would using a transaction struct not be the better choice, as Rust has no named parameters?

struct Transaction {
    from: UserId,
    to: UserId,
    amount: TokenAmount,
}

// Field names at the call site make the direction of the transfer explicit.
let action = Transaction { from: user1, to: user2, amount };
let res = transfer(action);
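
An added example, not part of either post or of the handbook: it goes one step beyond the transaction struct suggested above by giving the two parties distinct role types, so a value tagged as a recipient cannot be passed in the sender slot. The names Sender, Recipient, Ledger and the Error variants are assumptions made for this sketch, and the balances are constructed sample data.

```rust
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
struct UserId(u32);
struct TokenAmount(u64);
// Hypothetical role wrappers: a Sender is a different type from a Recipient.
struct Sender(UserId);
struct Recipient(UserId);

struct Transaction {
    from: Sender,
    to: Recipient,
    amount: TokenAmount,
}

#[derive(Debug, PartialEq)]
enum Error { UnknownUser, InsufficientFunds, Overflow, SelfTransfer }

type Ledger = HashMap<UserId, u64>;

// Validates everything first and only then writes, so a failed transfer
// leaves the ledger untouched.
fn transfer(ledger: &mut Ledger, tx: Transaction) -> Result<(), Error> {
    let (from, to, amount) = (tx.from.0, tx.to.0, tx.amount.0);
    if from == to {
        // Without this check the two inserts below would overwrite each other.
        return Err(Error::SelfTransfer);
    }
    let src = *ledger.get(&from).ok_or(Error::UnknownUser)?;
    let dst = *ledger.get(&to).ok_or(Error::UnknownUser)?;
    let new_src = src.checked_sub(amount).ok_or(Error::InsufficientFunds)?;
    let new_dst = dst.checked_add(amount).ok_or(Error::Overflow)?;
    ledger.insert(from, new_src);
    ledger.insert(to, new_dst);
    Ok(())
}

// Constructed sample data: alice starts with 100 tokens, bob with 5.
fn demo() -> (Result<(), Error>, u64, u64) {
    let (alice, bob) = (UserId(1), UserId(2));
    let mut ledger = Ledger::from([(alice, 100), (bob, 5)]);
    let tx = Transaction { from: Sender(alice), to: Recipient(bob), amount: TokenAmount(30) };
    // Writing `from: Recipient(bob), to: Sender(alice)` is rejected by the compiler (E0308).
    let res = transfer(&mut ledger, tx);
    (res, ledger[&alice], ledger[&bob])
}

fn main() {
    println!("{:?}", demo());
}
```

The role is still chosen where the wrapper is constructed, so it pays to create Sender and Recipient values as close as possible to the point where the roles are actually known, for example right after authenticating the sender.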