This was a great episode. I'm going to give it a try. Two areas I would be interested in knowing whether rubber supports are integration with ELB and AutoScaling. Any insights from smarter people on this?
thanks
Why would this be wrong? Another user would see the delete method in the controllers and hopefully be able to discover the initializer. No?
Is it actually safe to allow mass-assignment in this context?
I'd been wrestling with trying to cache my 'latest tweet' partial and the cron job not expiring it properly for a while, this is a much tidier way to do it, with no delay in page loads.
Thanks.
This means all resources will have a delete action on them.
Isn't that a bad idea?
+1, but one can still learn from this approach even though it's wrong
Great value as usual, just one question Ryan.
Do you dislike find_or_create (which I could understand BTW) or maybe think that exists? ... || create! has other merits (like the bang's exception raising behavior)?
Cheers
Robert
This doesn't seem like a good solution to me. Overwriting the "resources" method in an initializer will confuse the heck out of anyone looking at your code except yourself.
I'd say if you need to support users with JS disabled, use a button (and don't make it look like a link either!)
Download node.js and add it to your path (this is done automatically if you use the msi installer). After you may need to restart your computer before it will work.
Guys, very important: the encrypted payment settings were moved inside PayPal. This caused lots of confusion on our side.
So here it is:
1. Register as Merchant
2. My Profile -> My selling tools -> Encrypted payment settings (at the very bottom).
I'm able to rehash now
I'm not sure why but it started working after I ran
Thanks Ryan!
What about a revised version of Formtastic? This will be great.
Have a nice weekend.
This saved my ass today. Thanks.
Awesome - thanks! This makes me feel a lot better about my app :D
Would love to see a similar episode on performance (slow queries etc) although knowing Ryan he has probably already done one!
A good practice is to place site specific cookbooks in a folder called site-cookbooks instead of putting them all in cookbooks. http://wiki.opscode.com/display/chef/Cookbooks#Cookbooks-SiteSpecificCookbooks
fancy_irb isn't working from the Console, I get:
However it works if I execute irb, how can I fix this?
I made my wi-fi public when I tested.
Can it have something to do with OS (I'm on Lion)? I'm not a big understander about networks, but with the wi-fi public shouldn't I see it?
Of course, when doing from my computer I'm able to see that cookie session info, but even that way, when using cURL, I was not logged in. It just redirected me back to the sign_in path.
Any ideas of what could be wrong? I'm just following the same steps.
after gem install brakeman and adding it to my gemfile, I keep getting
and rbenv rehash gives me
How'd you do that if you're using something like Vagrant (a virtual machine for development)?
Unfortunately, "redirect_to redirect_url, only_path: true" won't work. It only works when you pass the first argument as a Hash, and it should contain the :only_path option. When you have redirect_url as a string you can use URI.parse(redirect_url).path or URI.parse(redirect_url).request_uri; however, request_uri is available only on URI::HTTP objects, so additional checks might be needed.
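As an added example (not the commenter's code and not from the episode), a plain-Ruby helper that applies the approach above: it reduces a string redirect target to a same-site path so the host part can never send the user off-site, and it handles the URI::HTTP-only request_uri caveat the comment raises. The name local_redirect_path and the "/" fallback are assumptions; in a Rails controller you would pass its result to redirect_to.

```ruby
require "uri"

# Added example: derive a same-site path from a caller-supplied redirect
# target (an "after sign-in" parameter, for instance). Anything that is not
# an absolute local path collapses to the fallback, so the host of an
# absolute URL is always discarded rather than followed.
def local_redirect_path(target, fallback: "/")
  return fallback if target.nil? || target.strip.empty?

  uri = URI.parse(target)

  # request_uri (path + query) exists only on URI::HTTP / URI::HTTPS.
  # A relative string such as "/orders?page=2" parses to URI::Generic,
  # which offers only #path and #query, so rebuild the same thing there.
  path =
    if uri.is_a?(URI::HTTP)
      uri.request_uri
    else
      uri.query ? "#{uri.path}?#{uri.query}" : uri.path
    end

  # Opaque schemes such as javascript: leave an empty path; a bare
  # "orders" has no leading slash; a path starting with "//" would be
  # read by the browser as protocol-relative and point at another host.
  return fallback if path.nil? || path.empty?
  return fallback unless path.start_with?("/")
  return fallback if path.start_with?("//")

  path
rescue URI::InvalidURIError
  fallback
end
```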
If you think brakeman gem is useful, you must try my online service based on brakeman, rails-brakeman
If your wifi is secured then your traffic shouldn't ever hit another wifi adapter in order to be tcpdumped. Try it in an open wifi hotspot?
Nice, trying it out right away. Since I'm the first one here, I might be lucky and get a response. :)
I have disabled mass assignment on my shopping cart because i am using this
I get a complaint about purchase, price_in_cents and response not being mass assigned. I ended up disabling it after many attempts, but obviously running Brakeman brings back the issues. How can I add these to my attr_accessible?
Is there any reason why you are prefixing the secure cookie with a string and simply not using the user id?
Thanks for this episode. I never was really aware of this issue.
However, I tried to reproduce the steps in my local network using a Rails app that was already deployed, and the cookies didn't appear anywhere when using tcpdump.
I tested it using my wi-fi network, and 2 different machines (mine and another). When I tried to login using the other machine, none of that info appeared in tcpdump.
I'm using Devise for the authentication.
When I tested it in my local machine, then I could reproduce the vulnerability and see all the cookie information.
Am I missing something? By what I understood, shouldn't I be able to see it when in my local network (and not only localhost)?
seconded.
To use multicolumn sorting, I did this:
Another idea, you could add a Capistrano task for this.
Hirb also renders Mongoid documents in a MySQL-like table!
replacement for 'rails dbconsole' for Mongoid:
http://crumbtrail.chesmart.in/post/1334264255/handy-bits-for-mongoid-with-rails-3
ditto, and there have been some damn good episodes over the years
So I just want to clarify: If all connections are https and everything is using the built in sessions, do I need to set a secure cookie to be safe? or will that just be happening automatically?
does it work if you try and submit the form with blank fields?
Great screencast! Could definitely benefit from an update that uses the pry-rails gem.
Weird, I get
On launch.
Love this, thanks.
You didn't mention that you need to initialize rspec. I tried for hours to figure out why colors weren't working in Guard over SSH and it turned out I just needed to run
rspec --init
The y method should still be there if you require 'yaml' first.
Yes - how does it work with nested resources?
+1 again for the Rails/EmberJS screencast and including basic authentication/authorization would be a huge bonus!
Is there a carousel with similar functionality as will_paginate using AJAX?
Does anyone know how to install the unaccent extension for pg?
PG::Error: ERROR: could not open extension control file "/usr/share/postgresql/9.1/extension/unaccent.control": No such file or directory
Hi Ryan,
Thanks for the episode. I am wondering how can I create the session model object from the console. I tried new_session but not able to initialize session model with that.
Ritesh
I noticed this is all done without SSL on the web app. Yes, the JSON calls to Stripe are done via SSL, but that's not obvious to the casual user. Would you recommend that the payment form be served via SSL, even if just to give the user some reassurance?
Did you guys figure this out?
I have the same issue. Tried to copy files from GitHub, but it didn't work for me.
Thanks for the great screencast, but I'm not sure why you write off StartSSL as "isn't for serious use". StartSSL uses all the same algorithms as the bigger providers and even uses better ones in certain cases (eg. connections will default to 256-bit instead of the usual 128-bit), plus they enforce better security practices than most providers (eg. you must use an SSL client certificate to login, there's no username/password).
To top it off, the free certificates are even insured for up to $10,000 in damages, with paid ones providing more insurance.
Thanks again for the very useful screencast, but you should do a bit more research before saying something "isn't for serious use", as your opinion carries much weight for many individuals. :-)
Awesome as usual. Seems like the caching would be a perfect fit for Redis. :-)
Awesome episode Ryan! You rock! ... And awesome gem. Congrats!
Well, I didn't initially see to add this //= require rails.validations in the application.js, but I did and that didn't fix it either.
I ran this:
$ rails g client_side_validations:install
and got:
create config/initializers/client_side_validations.rb
However this file (create public/javascripts/rails.validations.js) didn't get created. Is it because I'm in the new version of Rails which has JS in assets, and is this necessary for the inline validations, because mine aren't working? It works when I submit the form but not after I tab out of the text field. Is there a way I can get this file to put in my assets?
thanks.