  1. #1
    SitePoint Member

    Question ruby on rails? security + session mgmt w/o cookie + script-free site

    hello to everyone,

    this is my first step inside the opportunity of ruby

    i'm not a developer, so i'm trying to do the best, i hope you'll forgive my mistakes

    i know very little about jsp, and it is absolutely not affordable for just a personal commercial website (neither self-made, nor bought)

    i strongly dislike dotnet, too

    so i'm reading ror sitepoint's book, 1st edition

    at the moment i just succeeded to install all the basic environment (ruby rubygems rails mysql), and i had some trouble, but it's done

    my aims...

    - to rely on out-of-the-box security and encryption apis/functions/classes for managing user accounts (we have strict rules about privacy, so it is important to them, but also to me!): are there such functionalities in ror, or in its extensions?
    i saw something similar in jsp

    - to reach session management without using cookies, but volatile parameters or something else...

    - to build a simple customized cms to output a lightweight e-commerce site, without any kind of client-side script, using a few self-made templates, and providing an accessible website with accounting, payments (any kind), online customized documentation about products and services, photo and video gallery

    do you believe i would find those things in ruby on rails?

    i found easyeclipse for ruby on rails, do you think it is a good thing?

    thank you very much

    sr

  2. #2
    SitePoint Enthusiast
    i would say yes, ror is the easiest solution, it has a great deal of functionality built into the rails framework. The framework has grown quite robust over the short few years. I think you can achieve your aims.

    That said you might come across something you need to do that doesn't have a rails function for. Fear not, all you need to do is write that function yourself, but you'll have to learn ruby, which imho is a delight to use, so i think it is well worth your trouble.

    As far as using eclipse, i would say it's good. i like rad rails from aptana personally, but find eclipse a rather heavy editor/ide; i might recommend textmate for the mac or e editor for the pc (textmate clone).

    just my thoughts

  3. #3
    SitePoint Member
    Quote Originally Posted by ethyreal
    i would say yes, ror is the easiest solution
    :-) that's good! i strongly needed such a concise encouragement!
    i've been reading more, and trying something... it's (almost) funny, or at least i don't feel the oppressive atmosphere i found in java

    Quote Originally Posted by ethyreal
    I think you can achieve your aims.
    sounds good!

    Quote Originally Posted by ethyreal
    you might come across something you need to do that doesn't have a rails function for. Fear not, all you need to do is write that function yourself, but you'll have to learn ruby, which imho is a delight to use, so i think it is well worth your trouble.
    i agree, i don't dislike some coding, i dislike the bad sensation i felt in java: "no matter what i'm doing, it's wrong some way..."

    Quote Originally Posted by ethyreal
    ...eclipse, i would say it's good, i like rad rails from aptana personally...
    also aptana is based on eclipse, as far as i understand, i will try... anyway that's good.. many people have seen eclipse in action at least once

    Quote Originally Posted by ethyreal
    just my thoughts
    really welcome, thank you very much...
    and it's been good having a chance to know your site and your work (i really appreciate them)
    _____________________

    by the way i forgot one thing: do you have suggestions about a ror cms?
    i saw only geego, at this time

    thank you again

    see you

    sr
    Last edited by startingruby; Jun 18, 2008 at 21:22. Reason: formatting for readability

  4. #4
    SitePoint Enthusiast AllTom
    Quote Originally Posted by startingruby
    - to rely on out-of-the-box security and encryption apis/functions/classes for managing user accounts (we have strict rules about privacy, so it is important to them, but also to me!): are there such functionalities in ror, or in its extensions?
    i saw something similar in jsp
    There is a Rails plugin called "acts_as_authenticated" which I have used in many projects (or written from scratch as needed, since it's a simple plugin). It comes with functionality for hashing passwords with a salt, optional functionality for resetting forgotten passwords, and e-mail confirmation of accounts.

    Note: acts_as_authenticated has been succeeded by restful_authentication. I have not used it, but I trust the developer that it's actually an improvement.

    Quote Originally Posted by startingruby
    - to reach session management without using cookies, but volatile parameters or something else...
    If you mean that you want to use session IDs in URLs, I recommend against finding a way to make Rails do that, especially as your first bullet point seemed to suggest that you cared about security/privacy. Session IDs in URLs are easy to spoof, even by accident.

    Quote Originally Posted by startingruby
    - to build a simple customized cms to output a lightweight e-commerce site, without any kind of client-side script, using a few self-made templates, and providing an accessible website with accounting, payments (any kind), online customized documentation about products and services, photo and video gallery
    There are payment processing libraries available for Rails, though I have not used any myself. A CMS is certainly within Rails' sweet spot.

    Quote Originally Posted by startingruby
    i found easyeclipse for ruby on rails, do you think it is a good thing?
    Are you using RadRails? RadRails is pretty good.
    There are some things you shouldn't try to code at home.
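    An added example, not code from this thread or from Rails itself, to make AllTom's point concrete: a toy server-side session store that trusts whatever id the client presents (the position a URL-carried id puts you in) beside one that honours only ids the server issued and moves the session to a fresh id at login. `SessionStore`, `session_id_from_url` and the `_session_id` parameter name are assumptions for this example; the id rotation mirrors what Rails' `reset_session` does.

```ruby
require 'securerandom'
require 'uri'

# Toy server-side session store used to contrast two ways of honouring a
# session id: trusting whatever id the client presents (the situation a
# URL-carried id puts you in) versus honouring only ids this server issued.
class SessionStore
  def initialize
    @sessions = {} # session id => session data
  end

  # Weak form: any id the request carries becomes a live session. Whoever
  # chose or observed that id (in a pasted link, a Referer header, a proxy
  # log) now shares the session of the user who later authenticates under it.
  def load_trusting(id)
    @sessions[id] ||= {}
  end

  # Hardened form: an id the server never issued is ignored and replaced by
  # a fresh random one, so a client cannot pick the id in advance.
  # Returns [id, data].
  def load_strict(id)
    return [id, @sessions[id]] if id && @sessions.key?(id)
    fresh = SecureRandom.hex(16)
    @sessions[fresh] = {}
    [fresh, @sessions[fresh]]
  end

  # On login, move the data under a new id (what Rails' reset_session does),
  # so an id seen before authentication no longer points at the account.
  def rotate(id)
    data = @sessions.delete(id) || {}
    fresh = SecureRandom.hex(16)
    @sessions[fresh] = data
    fresh
  end

  def known?(id)
    @sessions.key?(id)
  end
end

# Pull the session id out of a URL's query string; nil when there is none.
# '_session_id' is an assumed parameter name for this example.
def session_id_from_url(url)
  query = URI.parse(url).query
  return nil if query.nil?
  URI.decode_www_form(query).to_h['_session_id']
end
```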

  5. #5
    SitePoint Member


    thanks AllTom,
    you all are really friendly
    Quote Originally Posted by AllTom
    There is a Rails plugin ... acts_as_authenticated ... restful_authentication ....
    ok, i'm getting the difference between jsp and ror
    jsp seems to have (almost) all, but many people don't use it (sometimes they don't know something exists, or how to use it)...
    maybe ror has a bit less, but if we need something we can talk in forums and get it in real life

    Quote Originally Posted by AllTom
    use session IDs in URLs, I recommend against finding a way to make Rails do that, especially as your first bullet point seemed to suggest that you cared about security/privacy. Session IDs in URLs are easy to spoof, even by accident
    you are right, my mistake, i forgot one of the rules i got studying jsp

    i started my question because i heard that many users simply keep cookies disabled for security concerns, even if this could be wise only against suspicious websites
    other ones know the old "doubleclick trick", and they decided the same

    most of them simply realize that it is impossible to "use a site" today without cookies, and they enable them again; only rarely do they manage to filter cookies (most times you need browser extensions, privacy software, and so on...)

    that said, if i encounter such kind of customers, i know that they will go away from my site, and i will lose them forever

    i can't imagine a real-world-solution

    i don't know anything to have "statefulness" without (cookies + url rewriting)
    the only thing i can imagine, a compromise, is to use a "one time" url session id, but it doesn't seem too smart, does it? :-)

    maybe i will consider a "business design" (i don't know what it could be) that doesn't require a session, but... it is hard for me to imagine something...

    edit: also, maybe i will use the cookies, in the end... i have many other problems to solve... :-)

    Quote Originally Posted by AllTom
    There are payment processing libraries available for Rails, though I have not used any myself. A CMS is certainly within Rails' sweet spot
    ok, i will see that when i dive in, but now i'm becoming confident that "solutions are there": i only have to "post" the right question :-)

    Quote Originally Posted by AllTom
    Are you using RadRails? RadRails is pretty good.
    i downloaded it, i will try both easyeclipse and rad/aptana
    forgive me... i'm a recent "microsoft freedman" and i'm still struggling with ubuntu... :-) i will tell you something when i will manage to install (and most of all run) them... :-D
    Last edited by startingruby; Jun 18, 2008 at 21:41. Reason: maybe i have to be less rigorous

  6. #6
    SitePoint Member
    hello... googling i found this
    www dot perlmonks dot org/?node_id=146842
    what about it?

    pardon, maybe i'm going out of the scope of the discussion, i hope this was not a problem

  7. #7
    SitePoint Enthusiast AllTom
    Quote Originally Posted by startingruby
    i started my question because i heard that many users simply keep cookies disabled for security concerns, even if this could be wise only against suspicious websites
    Even so, the hope is that users confident enough to disable cookies will know enough to turn them back on. I've only met one person who claims to default to not accepting cookies.

    Quote Originally Posted by startingruby
    hello... googling i found this
    www dot perlmonks dot org/?node_id=146842
    what about it?
    I have to agree with the last poster, who complains that sessions are far too easy to hijack with IDs in URLs.
    There are some things you shouldn't try to code at home.

  8. #8
    SitePoint Member
    Quote Originally Posted by AllTom
    Even so, the hope is that users confident enough to disable cookies will know enough to turn them back on. I've only met one person who claims to default to not accepting cookies.
    I have to agree with the last poster, who complains that sessions are far too easy to hijack with IDs in URLs.
    i was also thinking of a significant share of users who browse from internet points in my city (many people in my target could be in that category), where most configurations are restrictive and in any case locked by the owner of the computer for legal reasons

    anyway, it is obvious that i can't give up the advantage of session management for accounting, and i will face the problem when i see the statistics about the site

    so, i definitely agree with you, thanks a lot, this discussion has been an important source of information for me

  9. #9
    SitePoint Member
    update:

    working on 64bit-ubuntu-linux i saw a couple of things

    - aptana/radrails is a pain to install on x86_64 (you have to force the 32-bit jdk and so on...): i gave up

    - easyeclipse for ruby on rails is a snap, in the same situation: just extract the file (it has its own java runtime) and run the executable
    then avoid some traps (it fails without any reason if you are not compliant with the standard directory structure in the projects) and you are done: the editor is quite handy, not as powerful as aptana/radrails promises to be... anyway... it is good to learn
    i don't forget "cream", the idiot-proof version of vim: very nice formatting and handy shortcuts, for "just an editor"

    about the book...
    i'm going on... there is a huge amount of errata, but this is not the point:
    - there is so much documentation and tutorial stuff about ruby/ror that... sincerely... i will probably not see the need to buy another book for years...
    - most of the examples are pointless and, let me say... a bit disconcerting...: embarrassing conceptual mistakes (inheritance, my god) have been "fixed" by changing the syntax, and the overall impression is that many, many statements simply have not been tested during the writing... for example the chapter about general aspects of ruby could have been spent more effectively giving some good links, and leaving the space for more specific rails issues
    and the fact that in the second edition there is not a new hands-on tutorial project (but not only that) means that the author doesn't follow krug's advice...

  10. #10
    Programming Team Mittineague
    The directory structure is not so much a "trap" as it is a convention. It does not fail without any reason. The reason is that this is how Rails works.

    Edit:
    Quote Originally Posted by startingruby
    then avoid some traps (it fails without any reason if you are not compliant with standard directory structure in the projects)

  11. #11
    SitePoint Member
    Quote Originally Posted by Mittineague
    The directory structure is not so much a "trap" as it is a convention. It does not fail without any reason. The reason is that this is how Rails works.
    hem... who are you talking to? it seems that nobody disputed the merits of the conventional directory structure of a rails application...

    what is the problem, indeed?

  12. #12
    SitePoint Member
    hello, i'm back with my hope, could you please look at thread number 558101?

    please pardon me if i did the nth mistake... :-)

    thank you all very much...

    sr

