A secure way to deploy a Rails app

In recent times Rails has grown a very large community of developers, with new ones joining the programming sweetness by the hour. With the release of Passenger, a.k.a. mod_rails, deploying a Rails application is almost a no-brainer, whether you choose Apache or Nginx as your server. Most programmers do their Rails development and testing using the built-in Rails server or Mongrel; it's very convenient and easy to develop and test your Rails apps this way (I know I do).

Unfortunately this has caused a lot of developers, mainly those coming from other web platforms like .NET and PHP, to overlook how to properly deploy their Rails apps. If you're developing in PHP or .NET, the usual approach is to drop the entire application into your web directory and move on from there. IT IS A BAD APPROACH TO DO THIS WITH YOUR RAILS APP.

Your entire Rails application can be downloaded by anybody and your source code stolen, or worse, your code can be read by attackers to find any flaws. Another reason is that anyone can take a look inside your config folder, peek at your database.yml file and get the login details for your production DB server (you must be crazy to ignore that one :) ).

Now I know some of you might be wondering what my reason for saying this is. Every Rails application is deployed using a vhost configuration file, which requires you to point to the full location of the public folder inside your Rails app, e.g. a typical installation on Linux will look like /var/www/YOUR-RAILS-APP/public. Now let's assume your application is served on a subdomain, so we have something like "railsapp.yourdomainname.com" (wonderful). You are eager to test your app on a production server, so you hit your browser and voilà, there you are.

Now with a little luck in guessing, anyone can guess the correct name of your Rails app folder, and then you are doomed: the attacker can simply type something like "yourdomain.com/YOUR-RAILS-APP" into his browser, and this time your application fails to load and the folder structure is displayed instead. He can go into any folder of his choice and look up whatever he wants.

To properly deploy your Rails application, NEVER EVER DEPLOY YOUR APPLICATION INTO THE WEB ROOT. Create a folder outside the web root and point the vhost file at the full path, e.g. "/var/rails_apps/YOUR_RAILS_APP/public".

Your code is protected now.
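Here is a small Ruby check, added to this post and not part of the original, that audits a vhost's DocumentRoot against the bare web root the way the paragraphs above describe. One point worth making explicit: even with directory listings switched off, a guessable path such as yourdomain.com/YOUR-RAILS-APP/config/database.yml is served as a plain file whenever the app lives under the web root, so it is the folder layout, not the index option, that protects you. The web root and app paths are the post's own examples; the file-mode check on database.yml is an extra assumption of mine.

```ruby
require 'pathname'

# True when path is base itself or lies somewhere beneath it.
def inside?(path, base)
  return true if path == base

  path.to_s.start_with?(base.to_s.chomp('/') + '/')
end

# Audit the DocumentRoot from an app's vhost file against the server's bare
# web root (the directory served for yourdomain.com, /var/www in the post).
# Returns an array of problems; an empty array means the layout is safe.
def audit_rails_deployment(web_root, document_root)
  web = Pathname.new(web_root).expand_path.cleanpath
  pub = Pathname.new(document_root).expand_path.cleanpath
  app = pub.parent # the Rails app root is one level above public/
  problems = []

  # The vhost must point at public/, never at the app root, otherwise app/,
  # config/ and db/ are served as static files.
  unless pub.basename.to_s == 'public'
    problems << "DocumentRoot #{pub} should be the app's public/ directory"
  end

  # The app root must not sit under the web root: if it does,
  # yourdomain.com/APP-NAME/config/database.yml is a plain file download.
  problems << "app root #{app} is inside web root #{web}" if inside?(app, web)

  problems
end

# Extra check (my assumption, not from the post): database.yml must not carry
# the world-readable bit, or every local account can read the DB password.
def secrets_file_private?(path)
  (File.stat(path).mode & 0o004).zero?
end
```

Run audit_rails_deployment('/var/www', '/var/www/YOUR-RAILS-APP/public') and you get the problem the post warns about; with '/var/rails_apps/YOUR_RAILS_APP/public' the list comes back empty.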

Intelligent HTTP Request performance boost with Delayed_job

After the launch of a recently developed application, MYtxtBOX Lite, which offers a free online SMS service to all mobile networks in Ghana, we found that, due to the nature of the SMS gateway (a traditional HTTP POST or GET request), the application took a long time to respond to the user, since the initial code was hitting the SMS gateway directly with the help of the Rio plugin. This made the end user part of the network handshake process between the application server and the SMS gateway server.

We needed a way to speed this process up and make sure the HTTP request is also successful. So we moved the Rio call into a model and had the controller enqueue it with delayed_job. This ensures that the end user doesn't become part of the HTTP request process: the request is added to a queue on the server and then sent by the delayed_job daemon.

These are the benefits I have had from this approach:

  1. The HTTP request does not rely on the user's internet connection
  2. Only a small amount of bandwidth is needed to hit the server and add to the queue, hence the increase in speed
  3. The real HTTP request is made using the server's own internet bandwidth, which is many times faster than a home user's bandwidth: another performance boost
  4. Using delayed_job, the HTTP request is assured of a handshake because it will be resent if there is any error, e.g. a 404 error
  5. It makes the application more usable on limited devices with limited internet speeds
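The pattern described above, as an added example (not the MYtxtBOX code): a job object with a perform method in the style delayed_job expects, plus a small in-memory queue that stands in for the delayed_job worker's retry loop so the example runs without Rails or a database. The gateway URL and its 'to'/'msg' parameter names are hypothetical. One caveat the list above glosses over: delayed_job only retries a job when perform raises, so a 404 or 500 from the gateway has to be turned into an exception, otherwise the worker records the job as done.

```ruby
require 'net/http'
require 'uri'

# Raised when the gateway answers with anything but 2xx. delayed_job counts an
# attempt as failed only when #perform raises, so a 404 has to become an
# exception if it is to be retried rather than recorded as "sent".
class SmsGatewayError < StandardError; end

# Job object in delayed_job's style: any object with #perform can be handed to
# Delayed::Job.enqueue. The gateway URL and the 'to'/'msg' parameter names are
# hypothetical; a transport can be injected so the job runs offline in tests.
class SmsJob
  attr_reader :recipient, :message

  def initialize(recipient, message, gateway_url: 'http://sms-gateway.example/send', transport: nil)
    @recipient   = recipient
    @message     = message
    @gateway_url = gateway_url
    @transport   = transport || method(:post_form)
  end

  # Called by the worker, not by the web request that enqueued the job.
  def perform
    response = @transport.call(URI(@gateway_url), 'to' => recipient, 'msg' => message)
    return true if response.code.to_s.start_with?('2')

    raise SmsGatewayError, "gateway returned #{response.code} for #{recipient}"
  end

  private

  # Default transport: a real HTTP POST made from the server's own connection.
  def post_form(uri, params)
    Net::HTTP.post_form(uri, params)
  end
end

# In a controller the only change is to enqueue instead of calling the gateway:
#   Delayed::Job.enqueue(SmsJob.new(params[:to], params[:msg]))
# The request returns at once; `rake jobs:work` runs the worker that performs it.

# Constructed stand-in for the delayed_job worker loop (not the gem itself):
# run each job and, when #perform raises, put it back until max_attempts.
class RetryingQueue
  Entry = Struct.new(:job, :attempts, :last_error)

  def initialize(max_attempts: 25) # 25 is delayed_job's default Worker.max_attempts
    @max_attempts = max_attempts
    @queue = []
  end

  def enqueue(job)
    @queue << Entry.new(job, 0, nil)
  end

  # Works the queue to exhaustion; returns the entries that ran out of attempts.
  def work_off
    failed = []
    until @queue.empty?
      entry = @queue.shift
      begin
        entry.attempts += 1
        entry.job.perform
      rescue StandardError => e
        entry.last_error = e
        if entry.attempts < @max_attempts
          @queue << entry
        else
          failed << entry
        end
      end
    end
    failed
  end
end
```

With a transport that answers 404 twice and then 200, work_off delivers the message on the third attempt and returns no failures; a gateway that is permanently down exhausts max_attempts and comes back in the failed list with the last SmsGatewayError attached.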

Phone number cleanup in Rails

There is practically nothing that can't be done with Ruby (hmm… maybe exaggerating a little there). I was working on this SMS platform where users can send SMS for free without login or registration. The number had to be in the format 233244342123; everything was smooth, I validated for digits only, and users are allowed to SMS up to 10 numbers in a single shot, which means you can do something like 233244566778,233244566777,233244566756 and it will be sent to three recipients.

I wanted to try some random numbers, so I fired up Address Book on my Mac and copied a number; I realized it was in the format 233-244-124-660 and I always had to manually clean up the dashes before I sent it. I knew this was going to be a usability issue and that's not so good, considering my level.

Well, I decided to do a code improvement which clears any empty spaces, dashes and plus symbols and then returns the string as an array of numbers for further checks, like restricting the user to 10 numbers only, etc.

It works perfectly, just like I want it to.
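The post does not show the cleanup code itself; the following Ruby method is an added example of the behaviour it describes, not the author's code: strip spaces, dashes and plus signs from a comma-separated list, keep only all-digit entries, drop duplicates and flag lists over the 10-recipient limit. Returning the rejected entries separately is my addition, so a controller can tell the user exactly which number was dropped instead of failing the whole batch silently.

```ruby
# Upper bound from the post: one request may address at most 10 numbers.
MAX_RECIPIENTS = 10

# numbers    - cleaned, de-duplicated, digits-only strings in input order
# rejected   - raw entries that still contained non-digits after cleanup
# over_limit - true when more than `max` distinct numbers were supplied
Result = Struct.new(:numbers, :rejected, :over_limit)

# Normalise a comma-separated list such as "233-244-124-660, +233 244 342 123".
def clean_numbers(input, max: MAX_RECIPIENTS)
  numbers  = []
  rejected = []

  input.to_s.split(',').each do |raw|
    num = raw.gsub(/[\s\-+]/, '') # remove spaces, dashes and plus signs
    next if num.empty?            # tolerate "a,,b" and a trailing comma

    if num.match?(/\A\d+\z/)
      # The same number pasted twice should cost one SMS, not two.
      numbers << num unless numbers.include?(num)
    else
      rejected << raw.strip
    end
  end

  Result.new(numbers, rejected, numbers.size > max)
end
```

A controller would call clean_numbers(params[:numbers]), refuse the request when over_limit is set or rejected is non-empty, and otherwise hand numbers to the sending code.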