SSL checklist for Ruby on Rails Applications


The purpose of SSL is to provide a reasonable level of protection against eavesdropping and man-in-the-middle attacks. Although SSL provides a greater level of security, it introduces a lot of overhead and hence should be used sparingly. Two of the most common places to use SSL are payment transactions and user registration/login.
This post intentionally focuses only on the Rails application, as there are numerous posts on the net covering SSL setup on the server. Enabling SSL in a Rails application is really trivial and there are just a few points that need your attention.


Ruby on Rails Caching And JavaScript Techniques

Cross posted from darthsid

While implementing caching in a recent Rails project I came across some typical caching issues. In a lot of pages the content is the same for all users, but certain components in them have user-specific actions. As an example, I have a page listing all public messages that users have posted (similar to the public timeline in Twitter), but actions on those messages are user-specific (e.g., only the owner or an admin can delete a message). Also, most of these actions use Ajax, and the Rails authenticity token in them also gets cached, resulting in subsequent failures if the session changes. Another issue was that the timestamps in most pages are fuzzy and they become irrelevant if a page gets cached for too long. I could have created separate caches for each user, but if the user base really grows, managing the caches would become a nightmare, and that would still not solve the authenticity token and the timestamp problem. The simplest solution was to use JavaScript, more specifically jQuery.


Git Work Flow For Ruby on Rails Developers

This is my very first blog post and so I thought it should be about a tool that is indispensable for me - Git. I started using Git about 10 months ago and looking back I can't imagine how I managed to get work done without it. The purpose of this post, however, is not to sing Git's praises; there are lots of good articles on the web that do so much better than I ever could. Instead, I wish to share the work-flow I use on my projects. I developed this work-flow by trial and error over the months and it is currently the most efficient and productive approach I can think of. If any experienced Git users happen to stumble upon this post, please do provide suggestions/alternatives to help me improve my process.

The project I am currently working on requires me to maintain two parallel deployment branches. One is a "production branch" which is deployed on the live server and the other is a "development branch" which is deployed on a staging server. All enhancements and feature additions are done in the "development branch" and the only changes made in the "production branch" are production bug fixes that need urgent attention. Once the "development branch" is deemed stable it is merged into the "production branch" and deployed.