#178 7 Security Tips
Security is important! Here I show seven different security flaws which are common to Rails applications ranging from mass assignment to CSRF protection.
- Download:
- source code
- mp4
- m4v
- webm
- ogv
Form Objects
Models have a tendency to become a complex mess as an application grows. In this episode you will learn a couple of techniques to extract form-behavior out into its own class.
(18 minutes)
Service Objects
Models can quickly become a grab-bag of unrelated methods if behavior is constantly being pushed from the controller. Here I show how to refactor this using Concerns and Service Objects.
(12 minutes)
Model Name in URL (revised)
A model's ID in the URL is not very helpful to the user. Consider adding the name which can also improve SEO. Learn how to override to_param, add a slug attribute, and make a catch all route for deep nesting.
(9 minutes)
STI and Polymorphic Associations
Single Table Inheritance (STI) can help organize branching logic into separate classes, but a polymorphic association may be a better fit if there are unique database columns.
(14 minutes)
Guest User Record
Instead of presenting a sign up form to the user, consider creating a temporary guest record so the user can try out the application without filling in their information up front. They can then become a permanent member afterwards.
(9 minutes)
