#rubyonrails
3 posts

Ruby on Rails: Ensuring security is covered in your application

  • Set up authentication to verify user access. You can use Devise, which hashes passwords with bcrypt, making it expensive for an attacker to recover passwords from stored hashes. Devise can also handle password recovery, registration, sign-in tracking, account locking, etc.
  • Use strong parameters to accept data sent in a request, permitting (whitelisting) only the keys you expect, so that an error is raised when unexpected data comes in.
  • Add slugs to URLs to identify records in an easy-to-read form without exposing the record's id.
  • Protect sensitive data, especially login and payment pages, by enforcing HTTPS in the config file and guarding against cross-site scripting (XSS) attacks.
  • Check for Active Record exceptions and create an exception-handling concern, included above the application controller, to guard against specific exceptions.
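The strong-parameters point above is easiest to see by running it. The block below is an added example, not code from the summarized post or from Rails itself: it is a small, self-contained reimplementation of the require/permit whitelist idea behind ActionController::Parameters, so it runs without Rails. The class and method names (Params, UnpermittedParameters, user_params) and the request body are constructed for illustration. One caveat worth knowing: real Rails only drops unpermitted keys by default; raising, as the bullet describes, needs config.action_controller.action_on_unpermitted_parameters = :raise, which the on_unpermitted: option below mimics.

```ruby
# Added example: a minimal stand-in for Rails strong parameters (not Rails' own code).
class UnpermittedParameters < StandardError; end
class ParameterMissing < StandardError; end

class Params
  attr_reader :raw

  # on_unpermitted: :raise mirrors action_on_unpermitted_parameters = :raise;
  # anything else mirrors Rails' default of silently dropping the extra keys.
  def initialize(raw, on_unpermitted: :log)
    @raw = raw
    @on_unpermitted = on_unpermitted
  end

  # require: the top-level key must be present and non-empty.
  def require(key)
    value = raw[key]
    if value.nil? || value == {} || value == ""
      raise ParameterMissing, "param is missing or the value is empty: #{key}"
    end
    Params.new(value, on_unpermitted: @on_unpermitted)
  end

  # permit: keep only whitelisted keys. Scalars are named directly; nested hashes
  # are given as { "key" => ["subkey", ...] }, like Rails' permit(:a, b: [:c]).
  def permit(*allowed)
    scalar = allowed.reject { |a| a.is_a?(Hash) }
    nested = allowed.select { |a| a.is_a?(Hash) }.reduce({}, :merge)
    permitted = {}
    unpermitted = []

    raw.each do |key, value|
      if scalar.include?(key) && !value.is_a?(Hash)
        permitted[key] = value
      elsif nested.key?(key) && value.is_a?(Hash)
        permitted[key] = Params.new(value, on_unpermitted: @on_unpermitted).permit(*nested[key])
      else
        unpermitted << key   # e.g. a mass-assignment attempt such as "admin"
      end
    end

    if unpermitted.any?
      message = "found unpermitted parameters: #{unpermitted.join(', ')}"
      raise UnpermittedParameters, message if @on_unpermitted == :raise
      warn message
    end
    permitted
  end
end

# Constructed request body: the client sends an extra "admin" key and an extra
# nested "geo" key that the controller never intended to accept.
CONSTRUCTED_BODY = {
  "user" => {
    "name" => "alice",
    "email" => "alice@example.com",
    "admin" => true,
    "address" => { "city" => "Oslo", "geo" => "unexpected" }
  }
}

# Hypothetical controller helper: the equivalent of
#   params.require(:user).permit(:name, :email, address: [:city])
def user_params(body, on_unpermitted: :log)
  Params.new(body, on_unpermitted: on_unpermitted)
        .require("user")
        .permit("name", "email", { "address" => ["city"] })
end

if __FILE__ == $PROGRAM_NAME
  p user_params(CONSTRUCTED_BODY)                       # admin and geo are dropped
  begin
    user_params(CONSTRUCTED_BODY, on_unpermitted: :raise)
  rescue UnpermittedParameters => e
    puts "rejected: #{e.message}"                        # raise mode refuses the request
  end
end
```

With the default (drop) mode the returned hash contains only name, email and address.city; in raise mode the same body is rejected outright, which is the behaviour the bullet describes and the one to prefer for endpoints that write privileged attributes.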

Full post here, 3 mins read

Lessons learned from the Ruby Refactoring Kata - Tennis Game

“There is a certain amount of Zen to refactoring. It is hard at first because you must be able to let go of that perfect design you have envisioned and accept the design that was serendipitously discovered for you by refactoring. You must realize that the design you envisioned was a good guidepost, but is now obsolete.”
  • Refactoring mercilessly is a great learning technique to learn about what different parts of the code do.
  • Don’t trust the initial tests completely. There are great chances they may not give you complete coverage.
  • Extract Method is a no-brainer refactoring with good IDE support.
  • Simplify if conditions with guard clauses.
  • Preserve the public API if you have no control over client calls.
  • “Code as data” sounds exciting in theory. It isn’t too great in practice.

Full post here, 12 mins read

How to write fast code in Ruby on Rails

1. In Rails
  • Cache all the things.
  • Throttle any operation that can’t be cached. rack-attack and rack-throttle can help throttle unwanted requests.
  • Consciously minimize dependencies. They will turn into liabilities as projects grow.

2. In Ruby

  • Use metaprogramming sparingly to prevent unnecessary slowness.
  • Think about how your code will scale with more data. Know the difference between O(n) and O(1).
  • Avoid mutating global state while leveraging mutation on the local state.

3. In Active Record (Rails’ default ORM)

  • Know when queries get executed and what causes them to get evaluated.
  • Index the columns you need to query.
  • Use select and pluck to select only what you need. By default, Active Record selects all columns in SQL with SELECT *.
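The throttling bullet under "In Rails" above names rack-attack, whose core rule is a counter per discriminator (usually the client IP) within a fixed time window. The block below is an added example, not code from the summarized post or from the rack-attack gem: a Rack-compatible middleware that implements that fixed-window rule in plain Ruby (only the Rack calling convention is assumed, so no gem is needed). The class name Throttle, the helper statuses_for, the injectable clock and the request events are all constructed for illustration; rack-attack itself keeps counters in a cache store with expiry rather than in a process-local Hash.

```ruby
# Added example: a fixed-window request throttle in the spirit of
#   Rack::Attack.throttle("req/ip", limit: 3, period: 60) { |req| req.ip }
# written as a minimal Rack middleware (not rack-attack's code).
class Throttle
  # discriminator block maps a Rack env to a key; nil means "rule does not apply".
  def initialize(app, limit:, period:, clock: -> { Time.now.to_i }, &discriminator)
    @app = app
    @limit = limit
    @period = period
    @clock = clock
    @discriminator = discriminator || ->(env) { env["REMOTE_ADDR"] }
    @counters = Hash.new(0)   # in-memory only; a real deployment needs a shared store with TTL
  end

  def call(env)
    key = @discriminator.call(env)
    return @app.call(env) if key.nil?

    now = @clock.call
    window = now / @period                 # integer bucket: all seconds in one period share it
    count = (@counters[[key, window]] += 1)

    if count > @limit
      retry_after = @period - (now % @period)
      [429, { "content-type" => "text/plain", "retry-after" => retry_after.to_s }, ["Retry later\n"]]
    else
      @app.call(env)
    end
  end
end

# Drives the middleware with a fake clock so the window rollover is deterministic.
# events: array of [ip, unix_timestamp]; returns the HTTP status of each request.
def statuses_for(events, limit:, period:)
  now = 0
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  throttle = Throttle.new(app, limit: limit, period: period, clock: -> { now }) do |env|
    env["REMOTE_ADDR"]
  end

  events.map do |ip, t|
    now = t
    env = { "REMOTE_ADDR" => ip, "REQUEST_METHOD" => "POST", "PATH_INFO" => "/login" }
    throttle.call(env).first
  end
end

# Constructed traffic: four quick POSTs from one IP, one from another IP, then the
# first IP again after the 60-second window has rolled over.
CONSTRUCTED_EVENTS = [
  ["10.0.0.5", 1_000_000],
  ["10.0.0.5", 1_000_001],
  ["10.0.0.5", 1_000_002],
  ["10.0.0.5", 1_000_003],   # 4th request in the window: over the limit of 3
  ["10.0.0.9", 1_000_003],   # different IP, its own counter
  ["10.0.0.5", 1_000_060]    # new window (1_000_060 / 60 != 1_000_003 / 60)
].freeze

if __FILE__ == $PROGRAM_NAME
  p statuses_for(CONSTRUCTED_EVENTS, limit: 3, period: 60)
end
```

The status sequence shows the two properties that matter when tuning such a rule: each discriminator gets an independent budget, and the budget resets at the window boundary rather than sliding, so a burst straddling the boundary can briefly exceed the nominal rate. That is the trade-off rack-attack's fixed-window throttle also makes, and why login-style endpoints are usually given a lower limit than general traffic.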

Full post here, 8 mins read