Ruby on Rails
Innovation and Security

Tillmann Bielefeld
In 2001
2 Rails - Innovation and Security
I started hacking

"01a4" != "001a4"
"01e4" == "001e4"
"01e4" == "10000"

(These are the results PHP's loose == comparison gives: a string that looks like a number is compared as a number, and 01e4 is scientific notation for 10000, so the second and third comparisons are true while "01a4" is compared as plain text.)
2006 - 2008

Too many...

Layers

Discussions

Stack Traces
!     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1001) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.Server.handle(Server.java:360) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:890) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:944) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716
!     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:630) [jetty-http-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:230) [jetty-http-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:77) [jetty-server-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:622) [jetty-io-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:46) [jetty-io-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603) [jetty-util-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538) [jetty-util-8.1.5.v20120716.jar:8.1.5.v20120716]
!     at java.lang.Thread.run(Thread.java:680) [na:1.6.0_31]
Caused by: org.springframework.dao.InvalidDataAccessApiUsageException: [Assertion failed] - this argument is required; it must not be null; nested exception is java.lan
failed] - this argument is required; it must not be null
!     at org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:301) ~[spring-orm-3.1.2.RELEASE.jar:3.1
!     at org.springframework.orm.jpa.vendor.HibernateJpaDialect.translateExceptionIfPossible(HibernateJpaDialect.java:106) ~[spring-orm-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.dao.support.ChainedPersistenceExceptionTranslator.translateExceptionIfPossible(ChainedPersistenceExceptionTranslator.java:58) ~[spring-tx-3.
!     at org.springframework.dao.support.DataAccessUtils.translateIfNecessary(DataAccessUtils.java:213) ~[spring-tx-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:163) ~[spring-tx-3.1.2.RELEASE
!     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.data.jpa.repository.support.LockModeRepositoryPostProcessor$LockModePopulatingMethodIntercceptor.invoke(LockModeRepositoryPostProcessor.java
jpa-1.2.0.M1.jar:na]
!     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at $Proxy44.findByNameStartsWith(Unknown Source) ~[na:na]
!     ... 46 common frames omitted
Caused by: java.lang.IllegalArgumentException: [Assertion failed] - this argument is required; it must not be null
!     at org.springframework.util.Assert.notNull(Assert.java:112) ~[spring-core-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.util.Assert.notNull(Assert.java:123) ~[spring-core-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.data.jpa.repository.query.ParameterMetadataProvider$ParameterMetadata.prepare(ParameterMetadataProvider.java:156) ~[spring-data-jpa-1.2.0.M1
!     at org.springframework.data.jpa.repository.query.CriteriaQueryParameterBinder.bind(CriteriaQueryParameterBinder.java:68) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.ParameterBinder.bind(ParameterBinder.java:108) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.PartTreeJpaQuery$CountQueryPreparer.invokeBinding(PartTreeJpaQuery.java:196) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.PartTreeJpaQuery$QueryPreparer.createQuery(PartTreeJpaQuery.java:121) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.PartTreeJpaQuery.doCreateCountQuery(PartTreeJpaQuery.java:82) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.AbstractJpaQuery.createCountQuery(AbstractJpaQuery.java:148) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.JpaQueryExecution$PagedExecution.doExecute(JpaQueryExecution.java:99) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:55) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:95) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:85) ~[spring-data-jpa-1.2.0.M1.jar:na]
!     at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:313) ~[spring-data
!     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110) ~[spring-tx-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) ~[spring-aop-3.1.2.RELEASE.jar:3.1.2.RELEASE]
!     at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:155) ~[spring-tx-3.1.2.RELEASE




!     ... 53 common frames omitted
2004

$ irb
ruby-1.9.3-p0 :045 > a
NameError: undefined local variable or method `a' for main:Object

ruby-1.9.3-p0 :046 > b
NameError: undefined local variable or method `b' for main:Object

ruby-1.9.3-p0 :047 > a = b
NameError: undefined local variable or method `b' for main:Object

ruby-1.9.3-p0 :048 > a = a
     ... ?
 => nil

(Ruby's parser declares a local variable as soon as it sees it on the left-hand side of an assignment, so by the time the right-hand side `a` is evaluated the variable already exists and holds nil.)
Remote JavaScript (.rjs)

page.replace_html('tasks', Task.completed_count)

page.visual_effect(:highlight, 'tasks', :duration => 1.0)
Active Record

class Role < ActiveRecord::Base
  # `name` is a column of the roles table and comes from the schema; declaring
  # attr_accessor :name here (as the slide did) would shadow the column accessor
  # and the value would never reach the database
  has_and_belongs_to_many :clients
end

class Client < ActiveRecord::Base
  has_and_belongs_to_many :roles
end

Client  1 ---- 0..*  client_roles (client_id, role_id)  0..* ---- 1  Role (name)

Magic!
Metaprogramming

class Role < ActiveRecord::Base
  # `name` column from the schema (see above)
  has_and_belongs_to_many :clients
end

Role.find_or_create_by_name("admin")

# Role defines no find_or_create_by_name; Active Record catches the call here,
# takes the attribute name out of the method name and builds the query from it
def method_missing(m, *args, &block)
  # magic
end

Magic!
2008, Kiel

2009

2013

Innovation

Package Management
$ gem install rails
$ rails server
Dependency Management

Gemfile:

source "https://rubygems.org"

gem "json"
gem "rails"
gem "empuxa-deploy"

$ bundle install
$ bundle exec script/rails

(The slide used a plain http:// source; fetch the gem index and the gems themselves over https so they cannot be swapped in transit.)
i18n

en_EN.yml

launch.slogan1

i18n_viz gem
Capistrano Deployment

$ cap deploy                 -> <code>
$ cap staging deploy         -> staging
$ cap production deploy      -> production

$ cap deploy:migrations      v1 -> v2

$ cap deploy:rollback

Release layout on the server:

current -> releases/<newest release>
shared
releases/
  20130128231601
  20130129231801
  20130129161601   current after deploy

After cap deploy:rollback the current link points back at the previous release directory.
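The layout above makes both deploy and rollback a symlink swap. The following is an added example, not Capistrano's own code: a small class that builds the releases/current/shared tree under a temporary directory, deploys constructed timestamped releases and rolls back. Release names are made up for the example, and nothing is copied or migrated; only the directory bookkeeping is shown.

```ruby
require "tmpdir"
require "fileutils"

# Added example (not Capistrano's implementation): the releases/current/shared
# layout with deploy and rollback implemented as atomic symlink swaps.
class ReleaseTree
  attr_reader :root

  def initialize(root)
    @root = root
    FileUtils.mkdir_p(File.join(root, "releases"))
    FileUtils.mkdir_p(File.join(root, "shared"))
  end

  # Release directories, oldest first (timestamps sort lexically).
  def releases
    Dir.children(File.join(root, "releases")).sort
  end

  # Name of the release `current` points at, or nil before the first deploy.
  def current
    link = File.join(root, "current")
    File.symlink?(link) ? File.basename(File.readlink(link)) : nil
  end

  # cap deploy: create the new release directory, then repoint `current`.
  def deploy(timestamp)
    dir = File.join(root, "releases", timestamp)
    FileUtils.mkdir_p(dir)
    point_current_at(dir)
    timestamp
  end

  # cap deploy:rollback: repoint `current` at the previous release and remove
  # the release rolled away from, so a second rollback goes one step further.
  def rollback
    all = releases
    raise "nothing to roll back to" if all.size < 2
    bad, good = all[-1], all[-2]
    point_current_at(File.join(root, "releases", good))
    FileUtils.rm_rf(File.join(root, "releases", bad))
    good
  end

  private

  # Build the new link beside the old one and rename over it: rename(2)
  # replaces the old link atomically, so readers never see `current` missing.
  def point_current_at(dir)
    tmp = File.join(root, "current.tmp")
    File.delete(tmp) if File.symlink?(tmp)
    File.symlink(dir, tmp)
    File.rename(tmp, File.join(root, "current"))
  end
end

# Stand-alone run: two deploys and a rollback inside a temp dir.
if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    tree = ReleaseTree.new(dir)
    tree.deploy("20130128231601")
    tree.deploy("20130129161601")
    puts "current: #{tree.current}"
    tree.rollback
    puts "current after rollback: #{tree.current}"
  end
end
```

The atomic rename is the detail worth copying: a `rm` followed by `ln -s` leaves a window in which the web server finds no `current` at all.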
Devise

class User < ActiveRecord::Base
  devise :database_authenticatable,
         :registerable, :recoverable,
         :rememberable, :trackable, :validatable
end
HAML Views

ERB:

<div id='content'>
  <div class='left column'>
    <h2>Welcome to our site!</h2>
    <p><%= print_information %></p>
  </div>
  <div class="right column">Right</div>
</div>

HAML:

#content
  .left.column
    %h2 Welcome to our site!
    %p= print_information
  .right.column
    Right

(In Rails 3 and later both the ERB <%= %> and the HAML = output are HTML-escaped unless the value was marked html_safe; HAML's != and ERB's raw skip the escaping and belong only to markup assembled from trusted parts.)
Ajax

link_to_remote "delete",
  :confirm => "Are you sure?",
  :url => delete_post(post.id)

Unobtrusive: the helper renders plain markup and rails.js attaches the behaviour.

<a href="/posts/2" class="delete_post" data-confirm="Are you sure?" data-method="delete" data-remote="true" rel="nofollow">Delete</a>

(Without JavaScript the link is an ordinary GET to /posts/2, so the destroy action must only be routed for DELETE, which is what Rails' resource routing does.)
Admin Interfaces

Frontend Ajax Tables

def index
  fancygrid_for :users do |g|
    g.attributes :id, :username, :email
    g.ajax_url = users_path
    g.find
  end
end

RESTful APIs
Security

SQL Injection?
SQL Injection. Solved.

class User < ActiveRecord::Base
  # `name` column from the schema
end

User.find_by_name("Robert'); DROP TABLE Students; --")

(The dynamic finder quotes its argument as a value, so this is a harmless lookup for a user literally named that way. The protection covers values only: a string-interpolated condition such as where("name = '#{params[:name]}'") is still injectable, and the Jan 3rd slide further down shows the finder itself being bypassed when the argument is a hash.)
Cross Site Scripting

<script language="javascript">
  document.write("<script src='malware.js'><\/script>");
</script>

(The inner closing tag is written as <\/script> so the HTML parser does not end the outer script element early. Escaping output, as Rails 3 does by default, turns the whole payload into inert text.)
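The payload above rendered through a template both ways, as an added example that is not from the slides: one template interpolates the comment unescaped (what raw or html_safe does in a Rails view), the other passes it through ERB::Util.html_escape (what Rails' <%= %> does by default). The template strings and the comment field are constructed for the example.

```ruby
require "erb"

# Added example (not from the slides): the slide's payload rendered once
# unescaped and once escaped. Template and field name are constructed.
XSS_PAYLOAD = %q{<script language="javascript">document.write("<script src='malware.js'><\/script>");</script>}

# What `raw comment` / `comment.html_safe` produces: the value is interpolated as markup.
TEMPLATE_UNSAFE = "<p><%= comment %></p>"

# What a plain <%= comment %> produces in Rails 3+: & < > " ' become entities.
TEMPLATE_SAFE = "<p><%= ERB::Util.html_escape(comment) %></p>"

# Render a user-supplied comment with the given ERB template.
def render_comment(template, comment)
  ERB.new(template).result_with_hash(comment: comment)
end

# True when the rendered HTML still contains a script element a browser would run.
def script_injected?(html)
  html.match?(/<script\b/i)
end

if $PROGRAM_NAME == __FILE__
  puts render_comment(TEMPLATE_UNSAFE, XSS_PAYLOAD)   # script survives
  puts render_comment(TEMPLATE_SAFE, XSS_PAYLOAD)     # &lt;script ...: inert text
end
```

Escaping at output time is the general fix; the check is worth keeping in a view test so that a later `raw` on the same field is caught.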
Cross Site Request Forgery
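The data-method="delete" link on the Ajax slide works because rails.js turns it into a non-GET request and sends the session's token along. As an added example, not Rails' own protect_from_forgery implementation, the following shows the shape of the server-side check: safe methods pass, everything else must present the session token in the authenticity_token parameter or the X-CSRF-Token header, compared in constant time. Session, params and headers are plain hashes standing in for the real request objects.

```ruby
require "securerandom"

# Added example (not Rails' code): the check behind protect_from_forgery,
# reduced to plain hashes for session, params and headers.
module CsrfGuard
  # Rails exempts GET and HEAD, which is why those must never change state.
  SAFE_METHODS = %w[GET HEAD].freeze

  # Issue (or reuse) the per-session token that forms and rails.js embed.
  def self.token_for(session)
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Constant-time comparison: the time taken does not depend on which byte
  # differs, so the token cannot be guessed one byte at a time.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # A request is verified when it uses a safe method, or carries the session
  # token as the authenticity_token parameter (forms) or the X-CSRF-Token
  # header (what data-remote="true" requests send).
  def self.verified?(session, http_method:, params: {}, headers: {})
    return true if SAFE_METHODS.include?(http_method.upcase)
    expected = session[:_csrf_token]
    return false if expected.nil?
    supplied = params["authenticity_token"] || headers["X-CSRF-Token"]
    secure_compare(expected, supplied)
  end
end

if $PROGRAM_NAME == __FILE__
  session = {}
  token = CsrfGuard.token_for(session)
  puts CsrfGuard.verified?(session, http_method: "DELETE", headers: { "X-CSRF-Token" => token })
  puts CsrfGuard.verified?(session, http_method: "DELETE")
end
```

A forged cross-site form can send the DELETE (via a hidden _method field) but cannot read the victim's token, which is the whole point of the check; a token stored nowhere but the session also means a fresh session with no token rejects every unsafe request.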
Automated Tests

- RSpec
- Jenkins
- Minitest

Quality Assurance
brakeman

$ cd my_rails_app
$ gem install brakeman
$ brakeman -o report.html

Fast Patching
Security Leak, Jan 3rd

User.find_by_id({:select => "* from users limit 1 --"})

SELECT * from users limit 1 -- FROM "users" WHERE "users"."id" IS NULL LIMIT 1

 => #<User id: 1, all other attributes

(The finder treated the hash as a finder options hash instead of as the id value: the :select string went into the SELECT list unquoted and the -- commented out the generated WHERE clause. Any parameter that can arrive as a hash, for instance from a parsed JSON or XML request body, could trigger it; the fix shipped in the Rails releases of early January 2013.)
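The two finder slides, "SQL Injection. Solved." and the Jan 3rd leak, are two faces of the same dispatch. The following added example, not Active Record's code, is a miniature dynamic finder that builds SQL text without a database: the quoted path that makes the Bobby Tables string harmless, the options-hash path that let "* from users limit 1 --" into the SELECT list, and a hardened version that only accepts known columns and scalar values. The class, table and column names are constructed for the example.

```ruby
# Added example (not Active Record's implementation): a toy dynamic finder
# that only builds the SQL text an adapter would execute. Table and column
# names are constructed for the example.
class TinyFinder
  COLUMNS = %w[id name email].freeze

  def initialize(table)
    @table = table
  end

  # Quote a scalar the way an adapter does: integers pass through, nil is NULL,
  # strings are wrapped in single quotes with embedded quotes doubled.
  def quote(value)
    case value
    when Integer then value.to_s
    when nil     then "NULL"
    else "'" + value.to_s.gsub("'", "''") + "'"
    end
  end

  # Vulnerable shape (the Jan 3rd leak): a Hash argument is taken to be a
  # finder options hash, so opts[:select] is interpolated raw and the column
  # value becomes nil, which is why the slide's query reads "id" IS NULL.
  def find_by_vulnerable(column, value)
    if value.is_a?(Hash)
      select = value[:select] || "*"
      where  = "#{@table}.#{column} IS NULL"
    else
      select = "*"
      where  = "#{@table}.#{column} = #{quote(value)}"
    end
    "SELECT #{select} FROM #{@table} WHERE #{where} LIMIT 1"
  end

  # Hardened shape: whitelisted column names, scalar values only, and the
  # value is always quoted; hashes and arrays are rejected before any SQL exists.
  def find_by(column, value)
    raise ArgumentError, "unknown column #{column}" unless COLUMNS.include?(column.to_s)
    raise ArgumentError, "non-scalar value" if value.is_a?(Hash) || value.is_a?(Array)
    "SELECT * FROM #{@table} WHERE #{@table}.#{column} = #{quote(value)} LIMIT 1"
  end

  # The "magic": users.find_by_name(x) has no method, so it lands here and the
  # attribute name is taken from the method name.
  def method_missing(name, *args, &block)
    if (m = name.to_s.match(/\Afind_by_(\w+)\z/))
      find_by(m[1], args.first)
    else
      super
    end
  end

  def respond_to_missing?(name, include_private = false)
    name.to_s.start_with?("find_by_") || super
  end
end

if $PROGRAM_NAME == __FILE__
  users = TinyFinder.new("users")
  puts users.find_by_name("Robert'); DROP TABLE Students; --")
  puts users.find_by_vulnerable("id", { :select => "* from users limit 1 --" })
  puts (users.find_by_id({ :select => "* from users limit 1 --" }) rescue "rejected")
end
```

The whitelist on the column name matters as much as the value check: the method name is under the developer's control, but any code path that builds a finder name from request data would otherwise let the caller pick the column.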
Email from Heroku

This Morning!

The Community
[Chart: number of developers over programming experience, low to high: all programmers]

[Chart: same axes: PHP]

[Chart: same axes, annotated "Entry Barriers?!": Ruby]
Asking Developers

• Strong community
• Simple magic
• Eats resources
• Enterprise ready
• Hosting is either hard or expensive
• Open + Innovative + Secure

Openness + Connectivity

MIT Licence
References

• Longest Stack Trace ever: https://gist.github.com/1078370
• Burger Picture: Epic Mealtime
• http://brakemanscanner.org/
• http://www.railshosting.org/
• capistrano.org
• http://www.globalnerdy.com/2012/01/28/wat-a-funny-look-at-ruby-and-javascript-oddities/
• http://www.optimum7.com/internet-marketing

A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Último (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Innovation and Security in Ruby on Rails

  • 1. Ruby on Rails: Innovation and Security. Tillmann Bielefeld
  • 2. In 2001 (footer: Rails - Innovation and Security)
  • 3-4. I started hacking:
        "01a4" != "001a4"
        "01e4" == "001e4"
        "01e4" == "10000"
  • 5. (image slide)
  • 6. 2006 - 2008
  • 7. Too many...
  • 8. Layers
  • 9. Discussions
  • 10. Stack Traces
  • 11. Stack Traces (the slide shows a multi-screen Java stack trace of Jetty and Spring frames; see "Longest Stack Trace ever" in the references)
  • 12-13. 2004, irb session:
        $ irb
        ruby-1.9.3-p0 :045 > a
        NameError: undefined local variable or method `a' for main:Object
        ruby-1.9.3-p0 :046 > b
        NameError: undefined local variable or method `b' for main:Object
        ruby-1.9.3-p0 :047 > a = b
        NameError: undefined local variable or method `b' for main:Object
        ruby-1.9.3-p0 :048 > a = a
        ... ?
         => nil
  • 14. 2004
  • 15. .rjs Remote Javascript:
        page.replace_html('tasks', Task.completed_count)
        page.visual_effect(:highlight, 'tasks', :duration => 1.0)
  • 16-18. Active Record ("Magic!"):
        class Role < ActiveRecord::Base
          attr_accessor :name
          has_and_belongs_to_many :clients
        end

        class Client < ActiveRecord::Base
          has_and_belongs_to_many :roles
        end
        Diagram: Client 1 -- 0..* client_roles (client_id, role_id) 0..* -- 1 Role (name)
  • 19-22. Metaprogramming ("Magic!"):
        class Role < ActiveRecord::Base
          attr_accessor :name
          has_and_belongs_to_many :clients
        end

        Role.find_or_create_by_name("admin")

        def method_missing(m, *args, &block)
          # magic
        end
  • 23. 2008, Kiel
  • 24. 2009
  • 25. 2013
  • 26. Innovation
  • 27. Package Management
  • 28.
        $ gem install rails
        $ rails server
  • 29. Dependency Management. Gemfile:
        source "http://rubygems.org"
        gem "json"
        gem "rails"
        gem "empuxa-deploy"

        $ bundle install
        $ bundle exec script/rails
  • 30-31. i18n: en_EN.yml, launch.slogan1
  • 32. i18n_viz Gem
  • 33-35. Capistrano Deployment:
        $ cap deploy                 (<code>)
        $ cap staging deploy         (staging)
        $ cap production deploy      (production)
  • 36-38. Capistrano Deployment, v1 -> v2:
        $ cap deploy:migrations
        $ cap deploy:rollback
        Server layout: current (symlink), shared, releases/ holding 20130128231601, 20130129231801, 20130129161601; deploy:migrations adds a release and moves current to it, deploy:rollback moves current back to the previous release.
  • 39. Devise:
        class User < ActiveRecord::Base
          devise :database_authenticatable,
                 :registerable, :recoverable,
                 :rememberable, :trackable, :validatable
        end
  • 40-41. HAML Views. ERB:
        <div id='content'>
          <div class='left column'>
            <h2>Welcome to our site!</h2>
            <p><%= print_information %></p>
          </div>
          <div class="right column">Right</div>
        </div>
        HAML:
        #content
          .left.column
            %h2 Welcome to our site!
            %p= print_information
          .right.column
            Right
  • 42-43. Ajax:
        link_to_remote "delete",
          :confirm => :true,
          :url => delete_post(post.id)
        unobtrusive:
        <a href="/posts/2" class="delete_post" data-confirm="Are you sure?" data-method="delete" data-remote="true" rel="nofollow">Delete</a>
  • 44. Admin Interfaces
  • 45. Frontend Ajax Tables:
        def index
          fancygrid_for :users do |g|
            g.attributes :id, :username, :email
            g.ajax_url = users_path
            g.find
          end
        end
  • 46. RESTful APIs
  • 47. Security
  • 48. SQL Injection?
  • 49-50. SQL Injection. Solved.
        class Role < ActiveRecord::Base
          attr_accessor :name
        end

        User.find_by_name(
          "Robert'); DROP TABLE Students; --")
  • 51. Cross Site Scripting:
        <script language="javascript">
        document.write("<script src='malware.js'></script>");
        </script>
  • 52. Cross Site Request Forgery
  • 53. Automated Tests:
        - RSpec
        - Jenkins
        - Minitest
  • 54. Quality Assurance
  • 55. brakeman:
        $ cd my_rails_app
        $ gem install brakeman
        $ brakeman -o report.html
  • 56. Fast Patching
  • 57. Security Leak, Jan 3rd:
        User.find_by_id({:select => "* from users limit 1 --"})
        SELECT * from users limit 1 -- FROM "users" WHERE "users"."id" IS NULL LIMIT 1
        => #<User id: 1, ...all other attributes>
  • 58-59. Email from Heroku. This morning!
  • 60. The Community
  • 61-64. Charts: number of developers against programming experience (low to high), for programmers in general, PHP and Ruby; the Ruby chart is captioned "Entry Barriers?!"
  • 65-66. Asking Developers:
        - Strong community
        - Simple magic
        - Eats resources
        - Enterprise ready
        - Hosting is either hard or expensive
        - Open + Innovative + Secure
  • 67. Openness + Connectivity: MIT Licence
  • 68. References:
        - Longest Stack Trace ever: https://gist.github.com/1078370
        - Burger Picture: Epic Mealtime
        - http://brakemanscanner.org/
        - http://www.railshosting.org/
        - capistrano.org
        - http://www.globalnerdy.com/2012/01/28/wat-a-funny-look-at-ruby-and-javascript-oddities/
        - http://www.optimum7.com/internet-marketing
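The releases/shared/current layout and the rollback from slides 36-38, as an added Ruby example that is neither Capistrano's code nor the talk's: timestamped releases are deployed by repointing the current symlink, and rollback moves it back to the previous release. The atomic rename and the removal of the rolled-back release are modelled on Capistrano 2's deploy:rollback and are assumptions of this example.

```ruby
require 'fileutils'
require 'tmpdir'

# Added example, not Capistrano's own code: a small model of the
# releases/shared/current layout the slides show, with deploy and rollback.
# Assumption: release names are timestamps, so lexical order is deploy order.
class ReleaseTree
  attr_reader :root

  def initialize(root)
    @root = root
    @releases_dir = File.join(root, 'releases')
    @current_link = File.join(root, 'current')
    FileUtils.mkdir_p(@releases_dir)
    FileUtils.mkdir_p(File.join(root, 'shared')) # logs, uploads, config outlive releases
  end

  # All releases, oldest first.
  def releases
    Dir.children(@releases_dir).sort
  end

  # Name of the release `current` points at, or nil before the first deploy.
  def current
    return nil unless File.symlink?(@current_link)
    File.basename(File.readlink(@current_link))
  end

  # `cap deploy`: unpack a new release directory, then switch `current` to it.
  def deploy(name)
    FileUtils.mkdir_p(File.join(@releases_dir, name))
    point_current(name)
    name
  end

  # `cap deploy:rollback`: move `current` back to the previous release and
  # remove the release that was just live (assumed Capistrano 2 behaviour).
  def rollback
    rels = releases
    raise 'nothing to roll back to' if rels.size < 2
    previous = rels[-2]
    point_current(previous)
    FileUtils.rm_rf(File.join(@releases_dir, rels[-1]))
    previous
  end

  private

  # Replace the symlink atomically: create it under a temporary name, then
  # rename over `current`, so no request ever sees a half-switched link.
  def point_current(name)
    tmp = "#{@current_link}.tmp"
    File.delete(tmp) if File.symlink?(tmp)
    File.symlink(File.join(@releases_dir, name), tmp)
    File.rename(tmp, @current_link)
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    tree = ReleaseTree.new(dir)
    %w[20130128231601 20130129161601 20130129231801].each { |r| tree.deploy(r) }
    puts "current: #{tree.current}"
    puts "rolled back to: #{tree.rollback}"
    puts "releases left: #{tree.releases.join(', ')}"
  end
end
```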
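The two finder calls from slides 49-50 and 57, as an added Ruby example that is not from the slides or from Rails: a scalar argument is quoted as one literal, while a Hash argument (which Rack builds from a query string such as id[select]=...) used to be taken as finder options and interpolated verbatim, so the guard and the log check below reject or flag non-scalar parameters. The nested-query parser, the finder mimic and the sample log lines are constructed here and assume the Rails 3 request-log format.

```ruby
require 'cgi'

# Added example, not code from the slides or from Rails. A scalar argument to a
# dynamic finder is quoted as one literal (slides 49-50); a Hash argument, which
# Rack builds from a query string such as id[select]=..., used to be treated as
# finder options and its :select fragment was interpolated verbatim (slide 57).
# The SQL builder below mimics that contrast for illustration only.

# Minimal nested-query parser (constructed; one level of nesting) standing in
# for Rack's parse_nested_query.
def parse_nested_query(query_string)
  params = {}
  query_string.split('&').each do |pair|
    key, value = pair.split('=', 2).map { |part| CGI.unescape(part.to_s) }
    if (nested = key.match(/\A([^\[]+)\[([^\]]*)\]\z/))
      (params[nested[1]] ||= {})[nested[2]] = value
    else
      params[key] = value
    end
  end
  params
end

# Quote a scalar as a single SQL string literal: the whole value, including
# "'); DROP TABLE ...", stays inside the quotes as data.
def quote_literal(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Mimic of the old dynamic finder: scalar -> quoted WHERE value,
# Hash -> finder options whose :select fragment is not quoted at all.
def dynamic_finder_sql(column, arg)
  if arg.is_a?(Hash)
    select = arg['select'] || arg[:select] || '"users".*'
    %(SELECT #{select} FROM "users" WHERE "users"."#{column}" IS NULL LIMIT 1)
  else
    %(SELECT "users".* FROM "users" WHERE "users"."#{column}" = #{quote_literal(arg)} LIMIT 1)
  end
end

class UnsafeParameter < ArgumentError; end

# Hardened entry point: only a scalar may reach the finder, so a crafted
# nested parameter can never arrive as an options Hash.
def scalar_param!(params, name)
  value = params[name]
  unless value.nil? || value.is_a?(String) || value.is_a?(Numeric)
    raise UnsafeParameter, "#{name} must be a scalar, got #{value.class}"
  end
  value
end

def safe_finder_sql(column, params)
  dynamic_finder_sql(column, scalar_param!(params, column))
end

# Detection over Rails request logs: flag a Parameters line that carries a
# nested Hash under a key that should only ever be a scalar.
SCALAR_KEYS = %w[id name email].freeze

def suspicious_log_lines(lines)
  pattern = /Parameters: \{.*"(#{SCALAR_KEYS.join('|')})"=>\{/
  lines.select { |line| line.match?(pattern) }
end

# Constructed sample log lines in the Rails 3 request-log format.
SAMPLE_LOG = [
  'Started GET "/users/1" for 127.0.0.1 at 2013-01-03 10:00:00 +0100',
  '  Parameters: {"id"=>"1"}',
  'Started GET "/users/show?id[select]=*+from+users+limit+1+--" for 127.0.0.1 at 2013-01-03 10:00:05 +0100',
  '  Parameters: {"id"=>{"select"=>"* from users limit 1 --"}}'
].freeze

if $PROGRAM_NAME == __FILE__
  puts dynamic_finder_sql('name', "Robert'); DROP TABLE Students; --")
  puts dynamic_finder_sql('id', parse_nested_query('id[select]=*+from+users+limit+1+--')['id'])
  puts suspicious_log_lines(SAMPLE_LOG)
end
```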