Ruby on Rails website security basics to take care of


Source of this article is available here.

Recently I have been working on my first Rails application. Even though I have been working with Ruby for a number of years, this is the first time I’ve ever developed an application using the Rails framework. By trade, I’m a Security Tester; however, I do like to work on software projects in order to keep my skills sharp and practise what I preach.

Rails has some security features built in and enabled by default; however, I also recommend installing some additional Gems which cover security features Rails lacks by default. This article explains the basic built-in Ruby on Rails security features and which Gems I recommend installing.

Ruby on Rails Built in Security Features

I’m a great believer in secure by default and in making security easy for developers. Some may argue that making security easy will make developers pay less attention to security and possibly lead them to make more security mistakes, kind of like a horse with blinkers on. In reality I think it is probably a balance: don’t make security invisible to the developer, but instead make it just easy enough for them to implement correctly.

So be warned! Don’t just rely on Rails’s built-in security features thinking that they offer a 100% effective way of mitigating the vulnerabilities they were designed to prevent. Instead, learn how to use them correctly and know their limitations.

Preventing Cross-Site Scripting (XSS)

To help prevent Cross-Site Scripting (XSS) vulnerabilities we sanitise input and encode output using the correct encoding for the output context.

Sanitising Input

Rails makes sanitising input easy with its Model View Controller (MVC) design. Any data stored in or retrieved from a database should pass through a Model, so this is a great place to sanitise our stored data. Using Active Record Validations within our models we can ensure that data is present and/or in a specific format.

You can also sanitise input/output within your View using the sanitize method, which ‘will html encode all tags and strip all attributes that aren’t specifically allowed’. Let’s pass it a common XSS payload and see how it reacts:

<%= sanitize '<img src=x onerror=prompt(1)>' %>

The above will output:

<img src="x">

As we can see, the sanitize method has allowed our img tag with the src attribute but has removed the onerror event attribute. By default, if we don’t whitelist which tags/attributes we want, Rails decides for us which ones it believes are ‘safe’.

If we whitelist the src and onerror attributes, our XSS payload is executed:

<%= sanitize '<img src=x onerror=prompt(1)>', attributes: %w(src onerror) %>

The above will output:

<img src="x" onerror="prompt(1)">

Encoding Output

In modern versions of Rails, strings output in the View are automatically encoded. However, there may be occasions when you want to encode HTML output yourself. The main output encoding method in Rails is called html_escape; you can also use h() as an alias. The html_escape method ‘escapes html tag characters’.

Let’s pass it a common XSS payload and see how it reacts:

<%= html_escape '<img src=x onerror=prompt(1)>' %>

The above will output:

&lt;img src=x onerror=prompt(1)&gt;

As we can see, the html_escape method has converted the < and > characters into HTML entities, ensuring the browser does not interpret them as markup.

This is the same output we would see if we simply passed a string, thanks to Rails’s default encoding:

<%= "<img src=x onerror=prompt(1)>" %>

The above will output:

&lt;img src=x onerror=prompt(1)&gt;

But don’t forget what we said earlier! Just because modern versions of Rails encode strings in Views by default does not mean that XSS cannot happen. One example is within the href value of a link (using the link_to method): escaping the tag characters does not stop a URL with an unsafe scheme from being rendered as a clickable link, so the URL itself has to be validated.
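As an added example (not from the original post, and plain Ruby rather than Rails): ERB::Util.html_escape is the standard-library method that Rails’s html_escape / h() builds on. The block renders the post’s payload through it and then shows the href caveat above: escaping leaves a URL’s scheme untouched, so the example adds its own hypothetical safe_href allowlist check (not part of Rails) before the value reaches the template.

```ruby
require "erb"
require "uri"

# The XSS payload used in the post above.
XSS_PAYLOAD = "<img src=x onerror=prompt(1)>"

# Output encoding for an HTML body/attribute context: & < > " ' become entities.
# This is what Rails' html_escape (alias h) does for strings rendered in a view.
def encode_for_html(text)
  ERB::Util.html_escape(text.to_s)
end

# Escaping does not help inside href: a URL scheme contains none of the five
# characters above. This hypothetical helper allows only absolute http(s) URLs
# and site-relative paths, and replaces anything else with an inert "#" anchor.
def safe_href(url)
  url = url.to_s.strip
  return "#" if url.empty?
  uri = URI.parse(url)
  return url if uri.scheme.nil? && url.start_with?("/") && !url.start_with?("//")
  return url if %w[http https].include?(uri.scheme.to_s.downcase) && uri.host
  "#"
rescue URI::InvalidURIError
  "#"
end

# A small view template: both the link text and the href are untrusted input.
LINK_TEMPLATE = ERB.new(
  '<a href="<%= ERB::Util.html_escape(href) %>"><%= ERB::Util.html_escape(text) %></a>'
)

# Validate the URL first, then let the template escape both values as Rails would.
def render_link(text, url)
  LINK_TEMPLATE.result_with_hash(text: text, href: safe_href(url))
end

if __FILE__ == $PROGRAM_NAME
  puts encode_for_html(XSS_PAYLOAD)
  puts render_link("my profile", "javascript:prompt(1)")   # scheme rejected, href="#"
  puts render_link(XSS_PAYLOAD, "https://example.com/u/1") # text escaped, URL kept
end
```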

Preventing Cross-Site Request Forgery (CSRF)

Modern versions of Rails protect against CSRF attacks by default by including a token named authenticity_token within HTML responses. This token is also stored within the user’s session cookie – when a request is received by Rails it checks one against the other. If they do not match, an error is raised.

It is important to note that Rails’s CSRF protection does not apply to GET requests. GET requests should not be used to change the application’s state anyway and should only be used to request resources.

Although it is enabled by default, you can double-check by seeing whether the protect_from_forgery method is called within the main ApplicationController.

Preventing SQL Injection

Rails uses an Object Relational Mapping (ORM) framework called ActiveRecord to abstract interactions with a database. ActiveRecord, in most cases, protects against SQL Injection by default; however, there are ways in which it can be used insecurely which can lead to SQL Injection.

Using ActiveRecord we can select the user with the supplied id and retrieve that user’s username:

User.find(params[:id]).username

The above will return the username of the user whose user id matches the one supplied via the params hash. Let’s take a look at the SQL query generated by the code above on the backend:

SELECT  "users".* FROM "users"  WHERE "users"."id" = ? LIMIT 1  [["id", 1]]

As we can see from the SQL query above, when using the find method on the User object, ActiveRecord binds id to the SQL statement, protecting us from SQL Injection.

What if we wanted to select a user matching a username and password, as commonly seen in authentication forms? You might see something like this:

User.where("username = '#{username}' AND encrypted_password = '#{password}'").first

If we supply a username with the value ') OR 1-- the corresponding SQL query on the backend becomes:

SELECT  "users".* FROM "users"  WHERE (username = '') OR 1--' AND encrypted_password = 'a')  ORDER BY "users"."id" ASC LIMIT 1

By injecting this specially crafted value we have closed the username string and the bracket early, added OR 1 (which is always true) and commented out the rest of the WHERE clause with --. The condition now matches every row in the users table, so the query succeeds regardless of the password and returns the first user it finds.

For some great examples of how not to use ActiveRecord, here’s a great resource which I suggest you check regularly to ensure you don’t have any of the examples within your code – http://rails-sqli.org/
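An added example, not from the post: a plain-Ruby stand-in that mimics what ActiveRecord’s bind-placeholder form, User.where("username = ? AND encrypted_password = ?", username, password), does with a value (quote it as a literal, doubling any embedded quote), next to the interpolated form shown above. It illustrates the quoting rule only and is not ActiveRecord’s own code; the username payload is the one from the post.

```ruby
# The username value from the post.
SQLI_PAYLOAD = "') OR 1--"

# Vulnerable form from the post: the values are spliced straight into the SQL text.
def interpolated_where(username, password)
  %Q{SELECT "users".* FROM "users" WHERE (username = '#{username}' AND encrypted_password = '#{password}') LIMIT 1}
end

# Render one Ruby value as a SQL literal. A string is wrapped in single quotes and
# any single quote inside it is doubled, so the value can never end the literal
# early. (Real ActiveRecord sends the value as a bind parameter or quotes it through
# the database adapter; the rule shown here is the same.)
def quote_literal(value)
  case value
  when nil            then "NULL"
  when Integer, Float then value.to_s
  when true, false    then value ? "TRUE" : "FALSE"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Fill each ? placeholder in order. Splitting the template first means a ? that
# arrives inside a value is never mistaken for a placeholder.
def bind_sql(template, *values)
  parts = template.split("?", -1)
  unless parts.size - 1 == values.size
    raise ArgumentError, "expected #{parts.size - 1} values, got #{values.size}"
  end
  parts.each_with_index.map { |part, i| i < values.size ? part + quote_literal(values[i]) : part }.join
end

# Safe form: User.where("username = ? AND encrypted_password = ?", username, password)
def bound_where(username, password)
  bind_sql(%q{SELECT "users".* FROM "users" WHERE (username = ? AND encrypted_password = ?) LIMIT 1},
           username, password)
end

if __FILE__ == $PROGRAM_NAME
  puts interpolated_where(SQLI_PAYLOAD, "a") # the literal is closed early and -- comments out the rest
  puts bound_where(SQLI_PAYLOAD, "a")        # the whole payload stays inside one string literal
end
```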

Ruby on Rails Security Gems

As we have seen, Rails offers many built-in security features to help protect our applications, data and users from web-based attacks. But we also saw that these have their limitations. For security features that Rails does not offer by default there are always Gems, lots and lots of Gems. Here are some of my favourites.

devise

Devise is a popular authentication and authorisation Gem for Rails. It offers secure password storage using bcrypt to hash salted passwords, as well as user lockouts, user registration, forgot-password functionality and more.

Although Devise’s own README states “If you are building your first Rails application, we recommend you to not use Devise”, I would ignore this statement. If you’re security aware and have built applications in other frameworks before, I don’t see any issue with using Devise for your first Rails application.

URL: https://github.com/plataformatec/devise

brakeman

Brakeman is a Static Code Analysis tool for Rails applications. It searches your application’s source code for potential vulnerabilities. Although it does report the occasional False Positive, personally, I think this is a great Gem and one I would definitely recommend running against your application before going into production. Even better, run it after every commit.

URL: https://github.com/presidentbeef/brakeman

secure_headers

Developed by Twitter, SecureHeaders is a Gem that adds security-related HTTP headers to your application’s HTTP responses: Content Security Policy to help protect against Cross-Site Scripting (XSS) attacks, HTTP Strict Transport Security (HSTS) to ensure your site is only accessed over HTTPS, X-Frame-Options and others.

URL: https://github.com/twitter/secureheaders

rack-attack

Developed by Kickstarter, Rack::Attack is a Gem for blocking and throttling abusive requests. Personally, I use Rack::Attack to prevent forms being abused: for example, instead of implementing a CAPTCHA on a submission form, I use Rack::Attack to ensure it is not submitted too many times in a short space of time. This should prevent automated tools from abusing the form submission. It also supports whitelisting and blacklisting of requests.

URL: https://github.com/kickstarter/rack-attack

codesake-dawn

Codesake::Dawn is similar to Brakeman in that it scans your source code for potential vulnerabilities. However, Codesake::Dawn also has a database of known vulnerabilities which it uses to scan your Ruby, Rails and Gems for known issues.

URL: https://github.com/codesake/codesake-dawn

Ruby on Rails Code Quality Gems

Sloppy and messy code leads to bugs and some bugs may have security implications. Better quality code is more secure code. Let’s take a look at what Gems we can use to ensure our code is nice and clean.

rails_best_practices

The rails_best_practices Gem is a great Gem for ensuring your code is adhering to best practices. It will help you make your code more readable and eloquent by scanning through it and giving you suggestions on how to improve the syntax.

URL: https://github.com/railsbp/rails_best_practices

rubocop

Rubocop is not specific to Rails and can be used for any Ruby application. It uses the Ruby Style Guide as a reference to scan your code and ensure you adhere to it. Things like variable naming, method size, using outdated syntax, etc.

URL: https://github.com/bbatsov/rubocop

Have a nice day!!!


10 security tips to protect your website from hackers


Source of this article is here.

 

You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature.

Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 10 tips to help keep you and your site safe online.

01. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

02. SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you build standard Transact-SQL by hand it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement.

Consider this query:

"SELECT * FROM table WHERE column = '" + parameter + "';"

If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:

"SELECT * FROM table WHERE column = '' OR '1'='1';"

Since '1' is always equal to '1', the condition matches every row; and because the attacker controls the rest of the string, they can also add an additional query to the end of the SQL statement, which will also be executed.

03. XSS

Cross site scripting is when an attacker tries to pass in JavaScript or other scripting code into a web form to attempt to run malicious code for visitors of your site. When creating a form always ensure you check the data being submitted and encode or strip out any HTML.

04. Error messages

Be careful with how much information you give away in your error messages. For example, if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” so as not to reveal when a user got half of the query right. If an attacker tries a brute-force attack to get a username and password and the error message gives away when one of the fields is correct, then the attacker knows they have one of the fields and can concentrate on the other.

Keep your error messages vague

05. Server side validation/form validation

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and text entered into a numbers-only field. These can however be bypassed, so you should make sure you repeat these checks and perform deeper validation server side, as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results on your website.

06. Passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but it is equally important to insist on good password practices for your users to protect the security of their accounts.

As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

Passwords should always be stored as hashed values rather than in a recoverable form, preferably using a one-way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing hashed values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

In the event of someone hacking in and stealing your passwords, using hashed passwords helps limit the damage, as reversing them is not possible. The best someone can do is a dictionary attack or brute-force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower, as every guess has to be hashed separately for every salt + password combination, which is computationally very expensive.

Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.
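An added example, not from the article: salted password storage in plain Ruby using the standard library’s OpenSSL::KDF. The section above asks for a one-way hash such as SHA with a new salt per password; this example keeps SHA-256 but runs it through PBKDF2 with many iterations, since a single fast hash round is cheap to brute force (bcrypt, which Devise uses, is the other common choice). The stored format pbkdf2-sha256$iterations$salt$digest is this example’s own convention.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000   # cost factor; raise it as hardware gets faster
SALT_BYTES = 16
DIGEST_BYTES = 32

# PBKDF2-HMAC-SHA256: the salt makes equal passwords hash differently, and the
# iteration count makes every guess cost real CPU time.
def derive(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: DIGEST_BYTES, hash: "sha256")
end

# Returns a self-describing string to store instead of the password:
# pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>. A fresh random salt is
# generated on every call, so the same password yields a different string each time.
def hash_password(password, iterations: ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_BYTES)
  digest = derive(password, salt, iterations)
  ["pbkdf2-sha256", iterations, salt.unpack1("H*"), digest.unpack1("H*")].join("$")
end

# Compare two byte strings without an early exit, so timing does not reveal how
# many leading bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derive with the stored salt and iteration count and compare the digests.
# Nothing is ever turned back into a password; a malformed record simply fails.
def verify_password(password, stored)
  algo, iter, salt_hex, digest_hex = stored.to_s.split("$", 4)
  return false unless algo == "pbkdf2-sha256" && iter.to_s.match?(/\A\d+\z/) && iter.to_i > 0
  return false unless salt_hex.to_s.match?(/\A\h+\z/) && digest_hex.to_s.match?(/\A\h+\z/)
  salt = [salt_hex].pack("H*")
  expected = [digest_hex].pack("H*")
  secure_equal?(derive(password, salt, iter.to_i), expected)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password("correct horse battery staple")
  puts record
  puts verify_password("correct horse battery staple", record)   # true
  puts verify_password("wrong", record)                           # false
end
```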

07. File uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the MIME type to verify that the file is an image, as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size, are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example chmod 0666, so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files, preventing the double extension attack mentioned earlier.

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
</Files>

Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:

<img src="/imageDelivery.php?id=1234" />

<?php
// imageDelivery.php

// Fetch image filename from database based on $_GET["id"]
// (the name comes from your own records, never from the request itself)
// ...

// Deliver image to browser; the content type should match the stored file's real type
header('Content-Type: image/gif');
readfile('images/' . $fileName);
?>
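An added example, not from the article: a Ruby version of the handling this section recommends, storing uploads under a random name in a folder outside the webroot and serving them through a delivery step that sets the Content-Type. The type is decided from the file’s leading bytes (the extension and client MIME type are ignored, since the article notes both can be faked); the private_dir parameter and the function names are this example’s own.

```ruby
require "securerandom"
require "fileutils"
require "tmpdir"

# Leading bytes of the image formats the article's .htaccess allows, mapped to
# the extension we store under and the Content-Type the delivery step sends.
IMAGE_SIGNATURES = {
  "\x89PNG\r\n\x1a\n".b => ["png", "image/png"],
  "\xFF\xD8\xFF".b      => ["jpg", "image/jpeg"],
  "GIF87a".b            => ["gif", "image/gif"],
  "GIF89a".b            => ["gif", "image/gif"],
}.freeze

# Decide the type from content only. Returns [extension, content_type] or nil.
def sniff_image(bytes)
  head = bytes.to_s.b[0, 8]
  IMAGE_SIGNATURES.each { |sig, info| return info if head.start_with?(sig) }
  nil
end

# Store an upload outside the webroot. The client's filename (e.g. image.jpg.php)
# is never used: the stored name is random and its extension comes from sniffing.
# The file is created without execute bits. Returns the stored name, or nil if the
# content is not one of the permitted image types.
def store_upload(bytes, private_dir)
  ext, _type = sniff_image(bytes)
  return nil unless ext
  name = "#{SecureRandom.hex(16)}.#{ext}"
  FileUtils.mkdir_p(private_dir)
  File.open(File.join(private_dir, name), "wb", 0o644) { |f| f.write(bytes) }
  name
end

# What a delivery script (the article's imageDelivery.php) needs: the path to read
# and the Content-Type to send. Only names of the form we generate are accepted,
# which also rules out traversal such as "../".
def deliver(name, private_dir)
  return nil unless name.to_s.match?(/\A\h{32}\.(png|jpg|gif)\z/)
  path = File.join(private_dir, name)
  return nil unless File.file?(path)
  _ext, type = sniff_image(File.binread(path))
  type ? [path, type] : nil
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    png = "\x89PNG\r\n\x1a\n".b + ("\x00".b * 16)   # constructed sample, not a full image
    name = store_upload(png, dir)
    puts name
    p deliver(name, dir)
    p store_upload("<?php echo 'hi'; ?>".b, dir)    # nil: not an image
  end
end
```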

Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.

Ensure you have a firewall set up and are blocking all non-essential ports. If possible, set up a DMZ (Demilitarised Zone) allowing access only to ports 80 and 443 from the outside world, although this might not be possible if you don’t have access to your server from an internal network, as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.

If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.

Finally, don’t forget about restricting physical access to your server.

09. SSL

SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Attackers could sniff for this information and, if the communication medium is not secure, capture it and use it to gain access to user accounts and personal data.

Use an SSL certificate

10. Website security tools

Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

There are many commercial and free products to assist you with this. They work on a similar basis to the scripts hackers will use, in that they test all known exploits and attempt to compromise your site using some of the previously mentioned methods such as SQL injection.

Some free tools that are worth looking at:

  • Netsparker (free community edition and trial version available). Good for testing SQL injection and XSS.
  • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities; it currently scans for over 25,000. But it can be difficult to set up and requires an OpenVAS server to be installed, which only runs on *nix. OpenVAS is a fork of Nessus from before it became a closed-source commercial product.

The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.

If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.

So what should you be trying to alter in the request? If you have pages which should only be visible to a logged-in user then I would try changing URL parameters such as user id, or cookie values, in an attempt to view details of another user. Another area worth testing is forms: changing the POST values to attempt to submit code to perform XSS or to upload a server-side script.

Use a debugging proxy to root out vulnerabilities

Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.

There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and WP Security Scan for WordPress.

Removing the multiple APKs produced after Crosswalk integration in an Ionic app


Here is the solution: create a new file as follows.

  1. Create a file named build-extras.gradle inside the platforms/android/ directory.
  2. Put ext.cdvBuildMultipleApks=false inside it.
  3. Run ionic build android --release and voilà, it works.

(or)

Alternatively, the same can be done in an existing file. It takes a minute: you get a single build by commenting out the

cdvBuildMultipleApks=true

line in the platforms/android/gradle.properties.

Cheers

         (Or)

For a single APK, just build as usual. To build separate APKs for x86 and arm7, use this command:

$ BUILD_MULTIPLE_APKS=true ionic run android

         (Or)

Removing Crosswalk
Crosswalk can be removed in two ways.

$ ionic browser revert android
# or
$ ionic browser remove crosswalk

You can also see the details here.

Have a nice day!!!

Sublime Text keyboard shortcuts for easy use


Use these keyboard shortcuts to control the Linux, Mac OS X and Windows versions of Sublime Text.

Key to the Keys

  • ⌘ : Command key
  • ⌃ : Control key
  • ⌫ : Delete key
  • ↓ : Down arrow key
  • ⌥ : Option or Alt key
  • ↩ : Return or Enter key
  • ⇧ : Shift key
  • ↑ : Up arrow key

→ : indicates that the step after the arrow should take place after the step before the arrow

General

Command | Mac OS X | Windows | Linux
Open Cmd Prompt | ⌘ + ⇧ + P | Ctrl + ⇧ + P | Ctrl + ⇧ + P
Toggle Side Bar | ⌘ + K, ⌘ + B | Ctrl + KB | Ctrl + KB
Show Scope (Status Bar) | ⌃ + ⇧ + P | Ctrl + ⇧ + Alt + P | Ctrl + ⇧ + Alt + P

Language

Command | Mac OS X | Windows | Linux
Select File Language | ⌘ + ⇧ + P [language] | Ctrl + ⇧ + P [language] | Ctrl + ⇧ + P [language]

Use the “Set Syntax: [language]” selection that is automatically populated in the command menu when you type the programming language.

Editing

Command | Mac OS X | Windows | Linux
Delete Line | ⌘ + X | Ctrl + X | Ctrl + X
Insert Line After | ⌘ + ↩ | Ctrl + ↩ | Ctrl + ↩
Insert Line Before | ⌘ + ⇧ + ↩ | Ctrl + ⇧ + ↩ | Ctrl + ⇧ + ↩
Move Line Up | ⌘ + ⌃ + ↑ | Ctrl + ⇧ + ↑ | Ctrl + ⇧ + ↑
Move Line Down | ⌘ + ⌃ + ↓ | Ctrl + ⇧ + ↓ | Ctrl + ⇧ + ↓
Select Line | ⌘ + L | Ctrl + L | Ctrl + L
Select Word | ⌘ + D | Ctrl + D | Ctrl + D
Multi-Select Editing | ⌃ + ⌘ + G | Alt + F3 | Alt + F3
Jump to Closing Parenthesis | ⌃ + M | Ctrl + M | Ctrl + M
Select Contents of Current Parentheses | ⌃ + ⇧ + M | Ctrl + ⇧ + M | Ctrl + ⇧ + M
Delete from Cursor to End of Line | ⌘ + K, ⌘ + K | Ctrl + KK | Ctrl + KK
Delete from Cursor to Start of Line | ⌘ + K + ⌫ | Ctrl + K + ⌫ | Ctrl + K + ⌫
Indent Current Line(s) | ⌘ + ] | Ctrl + ] | Ctrl + ]
Unindent Current Line(s) | ⌘ + [ | Ctrl + [ | Ctrl + [
Duplicate Line(s) | ⌘ + ⇧ + D | Ctrl + ⇧ + D | Ctrl + ⇧ + D
Join Line Below Current Line | ⌘ + J | Ctrl + J | Ctrl + J
Comment/Uncomment Current Line | ⌘ + / | Ctrl + / | Ctrl + /
Block Comment Current Selection | ⌘ + ⌥ + / | Ctrl + ⇧ + / | Ctrl + ⇧ + /
Redo/Repeat Last Keyboard Shortcut | ⌘ + Y | Ctrl + Y | Ctrl + Y
Paste with Proper Indenting | ⌘ + ⇧ + V | Ctrl + ⇧ + V | Ctrl + ⇧ + V
Select Next Autocomplete Suggestion | ⌃ + Space | Ctrl + Space | Ctrl + Space
Soft Undo | ⌃ + U | Ctrl + U | Ctrl + U
Column Selection Up | ⌃ + ⇧ + Up | Ctrl + Alt + Up | Alt + ⇧ + Up
Column Selection Down | ⌃ + ⇧ + Down | Ctrl + Alt + Down | Alt + ⇧ + Down

Transform

Command | Mac OS X | Windows | Linux
To Uppercase | ⌘ + K, ⌘ + U | Ctrl + KU | Ctrl + KU
To Lowercase | ⌘ + K, ⌘ + L | Ctrl + KL | Ctrl + KL
Increase Font Size | ⌘ + | Ctrl + | Ctrl +
Decrease Font Size | ⌘ – | Ctrl – | Ctrl –

Find & Replace

Command | Mac OS X | Windows | Linux
Find | ⌘ + F | Ctrl + F | Ctrl + F
Replace | ⌘ + ⌥ + F | Ctrl + H | Ctrl + H
Find in Files | ⌘ + ⇧ + F | Ctrl + ⇧ + F | Ctrl + ⇧ + F
Use Selection for Find | ⌘ + E | Ctrl + E | Ctrl + E
Use Selection for Replace | ⇧ + ⌘ + E | ⇧ + Ctrl + E | ⇧ + Ctrl + E

Navigation

Command | Mac OS X | Windows | Linux
Quick Open File (by Name) | ⌘ + P | Ctrl + P | Ctrl + P
Go To Symbol | ⌘ + R | Ctrl + R | Ctrl + R
Go To Line | ⌃ + G | Ctrl + G | Ctrl + G

Code Folding

Command | Mac OS X | Windows | Linux
Fold Selection | ⌥ + ⌘ + [ | ⇧ + Ctrl + [ | ⇧ + Ctrl + [
Unfold Selection | ⌥ + ⌘ + ] | ⇧ + Ctrl + ] | ⇧ + Ctrl + ]
Unfold All | ⌘ + K, ⌘ + J | Ctrl + KJ | Ctrl + KJ

Bookmarks

Command | Mac OS X | Windows | Linux
Toggle Bookmark | ⌘ + F2 | Ctrl + F2 | Ctrl + F2
Next Bookmark | F2 | F2 | F2
Previous Bookmark | ⇧ + F2 | ⇧ + F2 | ⇧ + F2
Clear Bookmarks | ⇧ + ⌘ + F2 | ⇧ + Ctrl + F2 | ⇧ + Ctrl + F2

Using these shortcuts will make your tasks easier and faster.

More can be seen here, the source of this list.

 

Thanks for reading,

Have a nice day!!!

How to resolve the Rails issue: An error occurred while installing mysql2 (0.4.4), and Bundler cannot continue. Make sure that `gem install mysql2 -v '0.4.4'` succeeds before bundling.


Hi all,

You may get this issue while working on Rails 4.0 and above together with Ruby 2.0 and above.

This is a very common issue when upgrading a Rails environment.

Steps to follow:

For a Windows system:

  1. Download the newest mysql-connector to the c:\mysql-connector folder.
  2. gem install mysql2 -- --with-mysql-include="C:\mysql-connector\include" --with-mysql-lib="C:\mysql-connector\lib"

Hopefully it will work for you.

For an Ubuntu system:

  1. Open a terminal (Ctrl+Alt+T).
  2. $ sudo apt-get install libmysqld-dev
  3. Run bundle from your project directory: $ bundle

This will resolve the issue.

Have a nice Day !!!

What’s new in Rails 5.0.0.rc1 and its features


Rails 5.0 and its importance

Rails 5.0.0.rc1 was released on May 6, 2016 and you can have a look at it by clicking this link.

From the start, Rails was praised for being the easiest way to get Ruby on the web.

Merging Rails API

Over the last few years, thanks largely to Backbone.js and Angular.JS, the number of Single Page Applications (SPAs) has been on the rise. The last few projects that I have built have been purely SPA, and using Rails for these cases was overkill.

NOTE: Before migrating to Rails 5 you need to make sure that your app works on Ruby 2.2.1.

Due to these enhancements, Ruby 2.2+ was a ripe candidate for Rails 5. Rails 5 will only work on Ruby 2.2.1 and above.

Turbolinks 3 allows you to retain most of your page and selectively update certain regions through partials. This is very similar to how SPAs work, and you can choose to do all this from the server.

There were groans in the audience when DHH announced, again, his love for TurboLinks and their inclusion in Rails 5.

TurboLinks are a method for making your application feel a bit faster by using JavaScript to replace portions of content instead of reloading an entire page. But TurboLinks can also make an application a little heavy on client-side JavaScript, which can sometimes mean unresponsiveness or slowdowns.

If you are familiar with the functionality of TurboLinks in your application, do not fret! Things are not changing significantly. TurboLinks 3 will be an evolutionary step towards better speed and better rendering.

Note: The way React works is, it maintains a Virtual DOM where all the manipulations happen. It then diff’s the Virtual DOM and the actual DOM and makes only the required changes. It ensures that DOM is hit only when absolutely required and the changes are bare minimum.

Action Cable

The biggest news at RailsConf was the introduction of Action Cable. Action Cable is a feature used to extend Rails via WebSockets to add real-time message passing functionality.

Note: For the uninitiated, WebSockets is a W3C standard that opens up a duplex connection from your browser. Servers can talk (i.e., push updates) to clients as needed, and asynchronously update the client’s state without a full page reload. For instance, this is how Gmail loads new emails without reloading the entire page.

CoffeeScript

DHH has reaffirmed his love for CoffeeScript. Baked into Rails in version 3, CoffeeScript was made the default JavaScript option when using Rails. Some developers believed this went too far.

One thing we can be sure of is: CoffeeScript is the default JavaScript flavour in Rails, and this won’t be going away anytime soon.

Ruby Version Support

Rails 5 will only support Ruby versions 2.2.1 and higher. As Ruby progresses as a language, backwards compatibility needs to be sacrificed for new features.

Some Niceties

1. Rake Inside Rails

For many Rails newcomers, having to figure out when to use rake and when to use rails is a source of confusion. Now you don’t need to switch context between the rake and rails commands: you can run all Rake tasks with the rails keyword. For instance,

rake db:migrate

will now become:

rails db:migrate

This may not look like much on the surface, but this will make the lives of beginners much simpler. Rails 5 will also add a restart command that quickly restarts the application.

2. Active Record Changes

One change that almost went unnoticed is the update to belongs_to. When you created a Student belongs_to Class relation, it was possible to create a student without an associated Class. This led to a lot of data inconsistencies. With Rails 5, the parent has become mandatory: if you try to insert a record without one, Active Record will reject it.

3. Changes to Controller Tests

If you’re testing what your template renders in your controller, you are doing it wrong. A simple change to your template will leave you with sleepless nights hunting down the culprit. That’s why, in Rails 5, assert_template is deprecated. However, you can continue using assert_select to check whether a specific DOM element is present.

If you’ve been testing the instance variables inside a controller method, you should note that assigns is also going away.

There are two more useful links on the same topic:

  1. sitepoint link
  2. Blog eng link

Thanks for your time

I look forward to your valuable comments.

Have a nice day!!!

What are the positive aspects of Rails?


Rails provides many features, such as:

  • Scaffolding: Rails has the ability to create scaffolding, or temporary code, automatically.
  • CoC (Convention over Configuration): Unlike other development frameworks, Rails does not require much configuration if you follow the naming conventions carefully.
  • Meta-programming: Rails uses code generation, but for heavy lifting it relies on meta-programming. Ruby is considered one of the best languages for meta-programming.
  • Active Record: It saves objects to the database through the Active Record framework. The Rails version of Active Record identifies the columns in a schema and automatically binds them to your domain objects using meta-programming.
  • Three environments: Rails comes with three default environments: testing, development, and production.
  • Built-in testing: It supports code called harnesses and fixtures that make test cases easy to write and execute.
———————————————————————————-


Explain what is the role of sub-directory app/controllers and app/helpers?

app/controllers: A web request from the user is handled by the Controller. The controllers sub-directory is where Rails looks to find controller classes.
app/helpers: The helpers sub-directory holds any helper classes used to assist the view, model and controller classes.

for more detail visit http://career.guru99.com/top-34-ruby-on-rail-interview-questions/

Have a nice day!!!

To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host


This is a very common error for WordPress.

Finally I came across this link, which helped me the most.

I tried giving all the permissions to my Project_Dir and such, which was just a waste of time.

In this simple way I got my problem resolved.

The steps are as below:

  1. Go to /var/www/html/project_dir.
  2. Search for the wp-config.php file.
  3. Add define('FS_METHOD','direct');
  4. Save and exit.

Or we can do the same from the terminal:

  1. Open a terminal (Ctrl+Alt+T).
  2. Type cd /var/www/html/project_dir_name.
  3. sudo nano wp-config.php
  4. Add define('FS_METHOD','direct'); anywhere you like.
  5. Press Ctrl+X to exit the file.
  6. Press 'y' to save the file.
  7. Hit the return key (Enter).
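The same wp-config.php edit as a script, an added example that is not from the original post: add_fs_method_direct inserts the define line once (before WordPress's "stop editing" marker when present, otherwise at the end), and find_world_writable lists files that were opened up with chmod 777-style permissions, which FS_METHOD 'direct' does not need. The function names and the /var/www/html/project_dir path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. FS_METHOD 'direct' makes
# WordPress write plugin/theme files itself as the web server user instead
# of asking for FTP credentials, so that user (e.g. www-data) should own
# the files; world-writable (777) permissions are not needed and widen the
# damage a compromised site can do.

# Add define('FS_METHOD', 'direct'); to a wp-config.php exactly once.
add_fs_method_direct() {
  cfg="$1"
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
  if grep -q 'FS_METHOD' "$cfg"; then
    echo "FS_METHOD already defined in $cfg"
    return 0
  fi
  line="define('FS_METHOD', 'direct');"
  if grep -q 'stop editing' "$cfg"; then
    # Insert before the "That's all, stop editing!" marker so the define
    # is read before wp-settings.php is loaded. Writing back through cat
    # keeps the file's owner and mode (mv would replace them).
    tmp="$cfg.tmp.$$"
    awk -v line="$line" '!done && /stop editing/ { print line; done = 1 } { print }' \
      "$cfg" > "$tmp" && cat "$tmp" > "$cfg" && rm -f "$tmp"
  else
    printf '%s\n' "$line" >> "$cfg"
  fi
  echo "added FS_METHOD direct to $cfg"
}

# List files under a WordPress root that are world-writable (chmod 777 style).
find_world_writable() {
  find "$1" -perm -002 -print
}

# Usage (hypothetical path):
#   add_fs_method_direct /var/www/html/project_dir/wp-config.php
#   find_world_writable /var/www/html/project_dir
```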

Have a good day.

Install Python and Odoo on Ubuntu


It is necessary to install Python on the machine first.

All the latest versions of Ubuntu have Python installed by default.

Type python --version

to check the currently installed version.

It may be any of many versions of Python, such as

2.7.6 to 3.5.1

If you have Python installed, then move on to installing Odoo.

Before we install, have a look at the Odoo documentation.

There it suggests two ways to install:

  1. Packaged installers
  2. Source Install

The second one is the preferred one because, although it is harder to get started with than the packaged installers, it provides even greater flexibility: packaged installers don’t generally allow multiple running Odoo versions on the same system, and don’t provide easy source access to Odoo itself.

A source install can be done as follows.

There are two ways to get the Odoo source: a source zip or git.

  • The Odoo zip can be downloaded from https://nightly.odoo.com/9.0/nightly/src/odoo_9.0.latest.zip; the zip file then needs to be uncompressed to use its content.
  • git allows simpler updates and easier switching between different versions of Odoo. It also simplifies maintaining non-module patches and contributions. The primary drawback of git is that it is significantly larger than a tarball as it contains the entire history of the Odoo project. The git repository is https://github.com/odoo/odoo.git.

    Downloading it requires a git client (which may be available via your distribution on linux) and can be performed using the following command:

    $ git clone https://github.com/odoo/odoo.git
    
    

    Getting started with Odoo

    For a standard installation please follow the Setup instructions from the documentation.

    If you are a developer you may type the following command at your terminal:

    wget -O- https://raw.githubusercontent.com/odoo/odoo/9.0/odoo.py | python
    

    Then follow the developer tutorials

    For Odoo employees

    To add the odoo-dev remote use this command:

    $ ./odoo.py setup_git_dev
    

    To fetch odoo merge pull requests refs use this command:

    $ ./odoo.py setup_git_review

Have a nice day !!

Install Ionic-lab on Ubuntu and run app


Create, build, test, and deploy Ionic apps using IonicLab:

  1. Download ionic-lab:
    wget http://ionic-io-assets.s3.amazonaws.com/labs/IonicLab-linux-x64.tar.gz

    or download it manually by clicking here and selecting Linux. When the download has completed, go to the Downloads directory using the terminal (Ctrl+Alt+T). You will see a new tar file named IonicLab-linux-x64.tar.gz.

  2. Type tar -zxvf IonicLab-linux-x64.tar.gz to extract the archive.
  3. After that you can see an executable file in the Downloads directory.
  4. Run that executable by double-clicking the file named IonicLab.
  5. Now you can see IonicLab running on your machine.


Have a nice day!!!