Was Ruby On Rails affected by CVE-2019-16201? - ruby-on-rails

I didn't find a short answer to my question: CVE-2019-16201 was a vulnerability in WEBrick on Ruby; was RubyOnRails affected by this vulnerability as well?
I say yes because I found RubyOnRails used WEBrick, as mentioned here.
I say no because on CVE-2019-16201 I don't find any reference to it about RubyOnRails, and I believe that this vulnerability was crucial and must have been mentioned here.
I hope the answer is yes, because I have to reproduce this vulnerability in an environment, and it would be easier to do so, I believe, using ruby on rails.
Thanks to all of you.

Please note that this is not a rails vulnerability but rather a vulnerability in the WEBrick library that ships with ruby (rails is not a requirement to use this library).
So if your rails application is:
using WEBrick as its HTTP server; and
running on one of the affected versions; and
using digest authentication provided by WEBrick
Then I would say yes, the rails application is vulnerable.
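The three conditions in the answer above can be checked mechanically during triage. The following Ruby sketch is an added example, not code from the original post or from the WEBrick or Rails projects. The helper names, the list of alternative server gems, and the sample input are assumptions, and the first fixed Ruby release must be supplied by the caller from the advisory because this page does not list it.

```ruby
require "rubygems" # Gem::Version for version comparison

# Server gems that replace WEBrick as the Rack handler (heuristic, an assumption).
OTHER_SERVERS = %w[puma unicorn thin passenger falcon].freeze
# References to WEBrick's digest authentication classes.
DIGEST_AUTH = /\bHTTPAuth::(?:Proxy)?DigestAuth\b/

# Gem names listed under "specs:" in Gemfile.lock text (4-space indent only,
# so the deeper-indented dependency lines are skipped).
def locked_gems(lockfile)
  lockfile.scan(/^ {4}([A-Za-z0-9_.-]+) \(/).flatten
end

# Evaluate the answer's three conditions for one application.
# first_fixed: first patched Ruby release for this release series, taken from
#   the advisory by the caller (not hard-coded; the page does not list it).
# sources: { path => file contents } for the application's Ruby files.
def triage(ruby_version:, first_fixed:, lockfile:, sources:)
  webrick_server = (locked_gems(lockfile) & OTHER_SERVERS).empty?
  affected_ruby  = Gem::Version.new(ruby_version) < Gem::Version.new(first_fixed)
  digest_files   = sources.select { |_, src| src.match?(DIGEST_AUTH) }.keys
  {
    webrick_server: webrick_server,
    affected_ruby:  affected_ruby,
    digest_files:   digest_files,
    exposed:        webrick_server && affected_ruby && !digest_files.empty?
  }
end

# Constructed sample input (not from a real project or advisory).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.6.11)
      rails (4.2.11)
LOCK
SAMPLE_SOURCES = {
  "config/initializers/admin_auth.rb" =>
    "auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'admin', UserDB: db)\n",
  "app/models/user.rb" => "class User < ActiveRecord::Base; end\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  # Version numbers here are constructed placeholders, not advisory data.
  p triage(ruby_version: "1.0.1", first_fixed: "1.0.2",
           lockfile: SAMPLE_LOCK, sources: SAMPLE_SOURCES)
end
```

The application is reported as exposed only when all three conditions hold, so switching the HTTP server, upgrading Ruby, or dropping WEBrick's digest authentication each clears the finding.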

Related

Connect Ruby on Rails Application to an ESB

I want to connect a ruby on rails application to an ESB. Is it possible to connect a Ruby application with an ESB?
Please provide explanations and suggestions.
Yes.
Please notice that Ruby is soft-typed and that ESB services should (normally) be strongly typed, so that you will probably require manual type checking.
Ruby could probably be used for most applications (not system writing) and it definitely fits well within a Service oriented design such as an ESB.

Problems with Rails on Namecheap server

O. Community, and thanks in advance for the support!
I recently took Mattan Griffel's One Month Rails course on skillshare to be able to write rails web apps.
Railsinstaller.org includes rails 3.2.1 and ruby 1.9.3 and works perfectly out of the box.
My app worked well and it was time to get it up on the web, so I purchased a namecheap domain and webserver, uploaded my app and... nothing!
The problem is that the namecheap servers only support rails 2.3.17 and ruby 1.8.7 - nothing created with v 3.x or dependent on ruby 1.9.x will run in a 2.x / 1.8.x environment.
Has anyone else run into this issue?
It seems like such a standard use case, I can't believe it's not better documented on the namecheap site.
I've done my Google-Fu and have learned that, once I installed it, I could create an older rails app using
rails _2.3.17_ AppName
Is there a similar way of forcing rails to use an older version of ruby as well?
I'm close to cancelling my namecheap account altogether in disgust, so if someone out there knows of a better place to host my rails 3.x web apps, I'd love to hear about it!
(Let's assume, for the time being, that a VPS is prohibitively expensive and far in excess of what I need, resource-wise).
Thanks again,
One Frustrated User
You can use heroku free account to begin with. Don't waste time on fixing problems on shared hostings, they are just toys.
Rails 3.x native cPanel support is still unreleased, feature request case is still open
http://forums.cpanel.net/f145/mod_rails-passenger-instead-mongrel-rails-3-support-case-44197-a-152577.html
This is tricky but possible to run Ruby 3 applications - additional software installation and global server reconfiguration required in this case, but hardly possible on regular shared server per user. We can offer to upgrade your hosting account to VPS. All your existing account content including databases, additional domains, email accounts and settings will be transferred transparently to VPS. To optimize your VPS with cPanel and make possible for you to develop and run Ruby 3 application you may request our technical support team to tune up the system according to all your requirements. Operating system tuning and custom software installation is included with Full Management VPS option. You may request part-time technical support as an alternative.
Regards,
Dima S.
Technical Support,
Namecheap Hosting

Custom command line options rails 3 Ruby

I am working on a website project that requires ruby 1.8.7 and am currently using rails 3.2. This is a research project and thus maybe a bit "unconventional".
I have a rails server, the manager, that spawns other rails servers which become peers in a P2P network.
I want to pass custom options to my spawned servers to configure them. I thought about doing something like this but it does not seem possible in rails. Does somebody have a suggestion of how to do something similar?
rails server --custom_option="CUSTOM_VALUE"
Will environment variables work?
CUSTOM_OPTION=CUSTOM_VALUE rails s
This should give you access to it:
`$CUSTOM_OPTION`

Faye in jruby on rails

I have searched A LOT and couldn't find any resource that says I can use Faye with jruby. I have found this one that says that it doesn't play well with jruby but it's really really old. Also I have found this that looks like they have implemented a Java native extension in order to support jruby?? Does anyone know if I can use it in a Jruby on rails project?
Thanks!
From the creator of Faye:
Yes, the server runs on JRuby. The client uses either WebSocket, EventSource, XMLHttpRequest, CORS or JSON-P depending on what is supported by the user's browser, the server, and the intervening network, and is compatible with other Bayeux servers.

What is Michael Hartl's Rails Tutorial Site Programmed In?

Kind of a silly question, but, as someone learning Rails (after mucking around in PHP for several years), with the intent of building some serious apps but also doing content management, I'm curious what a simple content-managed site like that one runs on.
BuiltWith Technology Profiler Extension for Chrome will show you... I use this plugin all the time to answer similar questions of curiosity.
ruby.railstutorial.org
Varnish
Varnish is a web accelerator / reverse proxy caching server.
nginx
nginx [engine x] is a HTTP server and mail proxy server written by Igor Sysoev.
Frameworks
Ruby on Rails Token
Ruby on Rails is an open-source web framework that is optimized for programmer happiness and sustainable productivity. Note that Ruby on Rails has two detection techniques and this is one of them.
Ruby on Rails
Ruby on Rails is an open-source web framework that is optimized for programmer happiness and sustainable productivity.
The Ruby on Rails Tutorial website is a Rails 2.3 app running on Heroku. (At some point I plan to upgrade it to Rails 3, but this isn't currently a priority.) Because the content is largely static, most pages are cached using Heroku's Varnish HTTP cache.
