I'm a fairly new developer and I've encountered my first project where it will be important to be able to store certain fields encrypted within the database.
I'm on the most current version of Ruby/Rails, hosted on Heroku and using Git for source control. I installed the symmetric-encryption gem and SORT of have it working. But, when it comes to security, I know "sort of" doesn't cut it.
So, I set up the env variable with a key inside Heroku and have created a column in my database called :encrypted_access_code. When I submit a form, passing an :access_code parameter, it stores an encrypted version inside the :encrypted_access_code column. If I call the .decrypt method on that string, the method properly decrypts it and returns the original value. That seems, by what I can tell, to all be working correctly.
The problem is that I am still able to call MyModel.access_code, both in console and in the view, and it returns the unencrypted value. That column is no longer present in my database but it's still letting me call it - not good and I'm not sure where I went wrong. I'm sure it has something to do with symmetric-encryption and my not understanding it fully, but I haven't been able to find a truly comprehensive guide on getting it up and running. Using the creator's site I used his example to add the bits I needed in my model but I must be missing something. Any help would be super, super appreciated.
Thanks!
Related
I have an application in which one opens many windows. I added copy/paste, using XA_PRIMARY.
That works fine within my application. It also works fine when copying from other applications (pluma, FireFox, mate terminal) into a window of my application.
When I call XSetSelectionOwner(), with time stamp etc as explained in the documentation, server acknowledges new owner. That is, XGetSelectionOwner() returns the owner I just set.
However, when copying from my app to other applications I do not receive SelectionRequest.
From what I see, server only sets the owner for the Display used in the call XSetSelectionOwner().
Is this how it is supposed to work? Then, is there something else to do so server sets owner for all apps?
Given the behavior of the Server, I had to assume that other clients are not making their request for "PRIMARY". So, I added "CLIPBOARD", and now everything is working great.
The documentation appears to say that every client will use PRIMARY. Further reading seems to indicate that there is a difference between making a "selection", and "copying text". They seem to skirt this as a useful feature. I see nothing but confusion. Anyway, there really was no bug in my app. I think documentation should have a line saying: You must implement both, PRIMARY and CLIPBOARD. That was the problem.
I am new to Ruby and have a question about how to do a specific task on Rails.
I have a list of inventory and each item has a specific Stock ID that is emailed to my personal Gmail account. I want my web application to listen for emails from a specific email account. When my gmail receives an email from that specific account I want my application to parse it for a couple of fields and insert the stock ID into my database.
For example:
Let's say my database has an item with style code: A5U31 and size:10.
The email will say something like item with style code: A5U31 and size:10 has Stock ID:329193020.
I want my Rails application to search the database for an entry with that specific style code and size, and when it finds an entry to simply insert the stock ID into the row.
I am trying to using the Google-API-Client gem to this, but I am struggling, because I am still a beginner. So far I have done this quick-start guide to authenticate my gmail account with my rails app.
https://developers.google.com/gmail/api/quickstart/ruby?authuser=2
If someone could help me figure out how to write this sort of code and where to put it in my app(models, controllers, views) that would be very appreciated. Thanks!
I know it's been several months since you posted this, so you probably already have it worked out, but in case you still need a solution (or if someone else wants to do something similar), I'll share my thoughts:
At a high level, it sounds like your plan is
Identify when a new email has come in (either by polling or by using a push notification).
Grab the new email's content.
Parse the email's content in order to extract relevant data.
Use the data to query and update a database.
Based on the documentation for the Gmail API, it does look like you should be able to set up push notifications, so you won't have to poll the endpoint to get the information you need.
However, my big takeaway from this list is that none of the items on it really require Rails, since you're not exposing an external web API for requests. I suppose that you could leverage ActiveRecord to create an item model and use that to manage the database; however, since it seems like you'd only need to make some basic SQL queries (and the same ones each time), I'm not sure that bringing in ActiveRecord adds much value.
If I were trying to solve this problem myself, I would probably create a simple Ruby program that (a) uses the gem you mentioned to handle push notifications from the Gmail API, and (b) uses another gem to connect to whatever kind of database you're using (e.g. pg for Postgres) and make the necessary queries.
(All of this assumes, of course, that you aren't specifically using Rails for some other reason, e.g. adding this feature to an existing Rails application).
I have problem during using fire-base with rails to making a real time form in rails with fire-base how it will be done .. please help me i am new in fire-base.
How to make a real time sharing form in Rails using fire-base.
sorry for bad English ;)
It would be good if you can use ids as keys for each of your form element like input ,select etc and can place value for the element to make each key-value pairs.
This would be effective in a case when you have a persistent record for that form i.e for make new records this approach is not good.
You can use the firebase-rails gem, it's description reads as follows: Ruby
wrapper for the Firebase REST API.
Changes are sent to all subscribed clients automatically, so you can
update your clients in realtime from the backend.
It's very easy to use, although the documentation is somewhat lack luster for but it's just enough for a simple app (if you don't know what you're doing).
I am testing Piwik if it would be suitable for analytics and tracking for my Ruby on Rails application. For testing purposes, I am running piwik on localhost, tracking the rails application running also on localhost. Piwik tracking is integrated by the piwik_analytics gem, and to track goal conversions I am using the piwik-tracker gem. All my goals are manually converted (by calling the goal conversion method from a controller).
My problem is that I wish to record goal conversions by a custom variable (scope: visit), but this does not seem to work. The custom variable is set correctly, and the goals conversions are recorded correctly, but the goal conversions are not sortable by the value of the custom variable.
In my application, there are three different types of users, and I wish to track their actions by user type. To this end, I have defined a custom variable which contains the user type. I have included setting this variable in the piwik_tracking_tag in application.haml.html, because I cannot know the entry page beforehand. I see that the variable is set correctly, because visits are recorded by this variable. The goals, too, are converted correctly.
However, in the goals panel, when I click on the 'By custom variable' option, I see 0 conversions for each different user type.
I am wondering if this is a Piwik issue, and not caused by me. I have also tried (re)setting the custom variable when calling the goal tracking method
piwik.request.custom_variable(1,"Role","user_role").track_goal(1)
but this makes no difference.
#marflar: We switched to client-side tracking (and updated Piwik to a version they released after I posted this quesiton), and then viewing by custom variable started working. However, Piwik randomly didn't manage to track some goals, so in the end we ditched Piwik and went for Mixpanel, which we've been content with.
What exactly does SignedCookieJar do?
And what is the difference from that and using MessageEncryptor.encrypt_and_sign on the cookie value?
If you're ever looking for exactly what a given class does, I'd recommend consulting the source. SignedCookieJar, for instance, is in rails/actionpack/lib/action_dispatch/middleware/cookies.rb.
It would seem that a SignedCookieJar is a wrapper around the standard cookie jar, but before setting a cookie to its parent jar it will sign it with an ActiveSupport::MessageVerifier's generate method, and upon getting a cookie from the parent jar it will return nil if the verifier's verify method invalidates the signature.
The difference seems to be that MessageVerifier only signs data but leaves the original data intact, whereas MessageEncryptor will additionally encrypt the data before signing it. The Rails docs say that the use case is different in that:
[MessageEncryptor] can be used in situations similar to the MessageVerifier, but where you don’t want users to be able to determine the value of the payload.
For signed cookies, we're usually not too worried about that.