|
Plus with namespaces you can define things in the root namespace class and have them filter down automatically, just like you would with ApplicationController. Likecode:
|
# ? Jan 24, 2011 15:31 |
|
|
# ? May 28, 2024 17:17 |
|
I went with the separate views for now, which seems very fitting for the scope of my project. I liked the points about namespaces, however, and I will definitely go for namespaces with the next project. Thanks guys!
|
# ? Jan 24, 2011 20:30 |
|
NotShadowStar posted:Plus with namespaces you can define things in the root namespace class and have them filter down automatically, just like you would with ApplicationController. Like Wait.... isn't this supposed to be code:
e: I see. It's so that you can still have a Post class. I get it...
|
# ? Jan 26, 2011 00:51 |
|
NotShadowStar posted:You really should learn the fundamentals of ActiveRecord associations, because this is really basic stuff. Gotcha, I was missing my foreign key, thanks! Well that makes what I was trying to do ridiculously easy. So I have my site in good working order. On my laptop anyway. But when I push to heroku it breaks in two spots, again they work fine on my laptop. First thing that breaks is what I just did, where I gave each user their own gallery. My associations are right and my controller has: code:
code:
code:
rugbert fucked around with this message at 20:57 on Jan 26, 2011 |
# ? Jan 26, 2011 20:37 |
|
That's a common issue with Heroku: Common issues migrating to PostgreSQL. Also, you shouldn't be using an attribute 'type' since it is a reserved word and can often cause problems.
|
# ? Jan 26, 2011 20:51 |
|
atastypie posted:That's a common issue with Heroku: Common issues migrating to PostgreSQL. Also, you shouldn't be using an attribute 'type' since it is a reserved word and can often cause problems. Well I have a type field for Image because I have two model inheriting from Image, drawings and tattoos. Im not actually touching 'type' Im letting rails mess with it. edit - AH see, I mistakenly set the user_id field to a string instead of a integer. thanks! rugbert fucked around with this message at 21:10 on Jan 26, 2011 |
# ? Jan 26, 2011 21:00 |
|
Hah, you're running into all the seemingly strange edge 'gotchas' of AR your first time around. I knew some people who were used to MSSQL and were kind of baffled for a while why they couldn't use GUIDs as a primary key.
|
# ? Jan 26, 2011 21:17 |
|
rugbert posted:Well I have a type field for Image because I have two model inheriting from Image, drawings and tattoos. Im not actually touching 'type' Im letting rails mess with it. Durr, sorry I saw that as a string called type
|
# ? Jan 26, 2011 21:20 |
|
So, I am about to start a new project. I usually use php and symfony for my web projects, but I have been tinkering with rails over the last month or so and am intrigued. I know symfony inside and out (pretty much), so I know I can get it done quickly if I go that route. That being said, I am getting a tad bored with symfony and am thinking about learning rails more in-depth. I guess I just wanted to get some general advice from people who are using rails and maybe have made a similar switch already. Would this transition be relatively smooth? From what I have done so far with rails, it appears to be very similar to symfony, even using most of the same terminology. Any thoughts are appreciated.
|
# ? Jan 26, 2011 21:20 |
|
Ahh OK, Im starting to get it. The undefined method issue I was having was because I didnt have any blogs with defined categories. So next thing I have to do is make sure if a category isnt chosen then it gets a default cat. The next thing Im going to figure out is how validations work. I read some book where it said I could put the error message right in the model and flash_messages would display it but its not working. I wanna run home and double check tho.
|
# ? Jan 26, 2011 21:31 |
|
Apparently, there are only four url helpers:code:
Now that I know this it makes perfect sense. This morning, however, when I still didn't know this I read a tutorial on the Internet. In this tutorial someone used the edit helper to deliver a token to the controller's edit method where he would not actually edit anything but call some other methods. Modeling my need to pass a token to the create method after this tutorial lead to me trying for three hours to construct a url helper with various method_controller_url combinations (with and without pluralizations) that all didn't work until I finally figured it out. Good times. Edit: vvvvvvvv Turns out I was still wrong. It seems you can use url helpers for all GET routes that have been properly set up. So if your rake routes shows for example a welcome_users path then welcome_users_url gives you the link to it. (This also means that I had a case of several cumulative errors in my original code.) Triggerle fucked around with this message at 12:21 on Jan 27, 2011 |
# ? Jan 26, 2011 21:44 |
|
Triggerle posted:url helpers: If you run rake routes you can get a good idea of the url helpers that are available given your current routes and where they go.
|
# ? Jan 26, 2011 21:49 |
|
dustin10 posted:That being said, I am getting a tad bored with symfony and am thinking about learning rails more in-depth. I guess I just wanted to get some general advice from people who are using rails and maybe have made a similar switch already. Would this transition be relatively smooth? From what I have done so far with rails, it appears to be very similar to symfony, even using most of the same terminology. Any thoughts are appreciated. I say go for it. Run through the Ruby on Rails Tutorial and you will be sprinting in no time. This is where the Addison-Wesley book "Ruby on Rails 3 Tutorial: Learn Rails by Example" comes from but the author updates it regularly. I personally feel, after just going through my copy of Agile Web Development with Rails, 4th Edition again, that it is a much better whole-life introduction to a very good way to develop for Rails. It is also free if you read it online.
|
# ? Jan 26, 2011 21:57 |
|
NotShadowStar posted:I knew some people who were used to MSSQL and were kind of baffled for a while why they couldn't use GUIDs as a primary key. I've used GUID primary keys in a Rails/ActiveRecord project before. It was backed by MySQL and not MSSQL though.
|
# ? Jan 27, 2011 00:14 |
|
skidooer posted:You have me curious. Why can't you? Well, you can do it through UUID extensions to AR, but by default design AR only works with integer auto increment primary keys. You also have to ensure that the db engine actually uses UUID instead of a stringified GUID like sqlite3 will do, or AR will just choke and barf on any relations.
|
# ? Jan 27, 2011 02:09 |
|
NotShadowStar posted:Well, you can do it through UUID extensions to AR, but by default design AR only works with integer auto increment primary keys. You also have to ensure that the db engine actually uses UUID instead of a stringified GUID like sqlite3 will do, or AR will just choke and barf on any relations.
|
# ? Jan 27, 2011 03:23 |
|
Oh yeah, sqlite doesn't have types, I remember now. You can happily store anything in any column regardless of what the table schema says. The sqlite ruby driver converts it based on the table definition.
|
# ? Jan 27, 2011 03:38 |
|
Obsurveyor posted:Any recommendations on where to start with choosing an authentication library for Rails 3 that will utilize existing database columns? I don't know if you saw this or not but there is a brand new railscast on this topic. It's pretty simple to do and hasn't changed very much since the last time. http://railscasts.com/episodes/250-authentication-from-scratch The only thing I would change in this implementation, is making use of more current password hash technology. I just embed the salt directly into the password_hash column. It still makes it impossible to batch-decode a list of hashed passwords, it even makes it more difficult. So I'd remove the salt column and replace: code:
code:
|
# ? Jan 27, 2011 21:15 |
|
Nolgthorn posted:I don't know if you saw this or not but there is a brand new railscast on this topic. It's pretty simple to do and hasn't changed very much since the last time. I have read many different explanations of salting hashes making passwords more difficult to crack but I still do not understand it. If they have access to the database column for the hashed password, they have access to the random salt column. It does not seem to me like it would take a rocket scientist to modify a dictionary cracker to add the known salt to the dictionary word, hash it and compare. Every description implies the salt is more secret than the hash, but every implementation stores them side-by-side. It feels more like obfuscation to me. I am talking about md5 here, not BCrypt that is now being used. What am I missing here?
|
# ? Jan 27, 2011 21:33 |
|
Brilliant question. It is such a complicated one that I'm pretty sure there are still entire courses at universities that teach it alone. There are security career tracks where encryption is like a really big part of why you get paid the $$$. I strongly recommend reading this if you have the time and are interested about the topic. http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html The whole thing with salting started out as a method for deterring one kind of attack a long time ago. It has become standard since then and Bcrypt will actually handle all of that for you. The article talks to you a little bit about that and tells you about worse threats. I agree with you about storing the salt in a separate column being worthless. If the attacker has access to the hashed password, then the attacker also has access to the salt for it. The primary idea with regard to hashing passwords is to force the attacker to decrypt each password individually instead of being able to all at once. A lifetime ago when I was just starting out learning PHP I remember trying my hand at creating authentication. I remember reading documentation that suggested not only using a hash and salt, but also throwing in a few other characters and the date in the middle. That would more or less force the attacker to gain access to the code as well as the database. The problem is that it doesn't do anything to prevent mass-decryption once the attacker finds out what the pattern is, which had been used on every password in the database. So once the attacker knew the pattern it was still as easy as pie to decrypt the full list. Um. Now I'm leaving my comfort zone with regards to knowledge on this subject so I'll just stop.
|
# ? Jan 27, 2011 22:39 |
|
Nolgthorn posted:I strongly recommend reading this if you have the time and are interested about the topic. quote:A lifetime ago when I was just starting out learning PHP I remember trying my hand at creating authentication. I remember reading documentation that suggested not only using a hash and salt, but also throwing in a few other characters and the date in the middle. That would more or less force the attacker to gain access to the code as well as the database. The problem is that it doesn't do anything to prevent mass-decryption once the attacker finds out what the pattern is, which had been used on every password in the database. So once the attacker knew the pattern it was still as easy as pie to decrypt the full list.
|
# ? Jan 27, 2011 23:12 |
|
Hello, I am having an issue looping through several groups of radio buttons. So my goal is to loop through and list several groups of shipping options for various products. First I loop through the number of items which need to be shipped alone, then I loop through the shipping rates. What I want is each group to be able to have 1 selection and pass along the params for use in the controller. I need the ability to iterate or count the ss_ship_info so that each name/value will be different params. I have tried both 'ss_ship_info[@counter]' and 'ss_ship_info'[@counter] (this one has really unexpected results, if I have 3 items. The first two act like a single group but the third seems to be an individual group.) Does anyone know a solution for my problem or at the very least could point me in the direction of a guide relating to the subject? code:
Edit2: 'ss_ship_info_#{@counter}' doesn't seem to work either =\ Edit3: This bit of code did the trick, it allows me to loop through loops of radio buttons and iterating each group so they are separate parameters. Maybe this will help someone out some day. code:
shehackedyou fucked around with this message at 08:35 on Jan 28, 2011 |
# ? Jan 27, 2011 23:26 |
|
I started to gently caress around with mongoid and mongodb just for fun, but I've hit a problem early on... This is a post I made in the mongoid Google Group. quote:Hello, I got a response... quote:> _form.html.erb I don't understand where this code goes. Is this the right way to go about doing this?
|
# ? Jan 28, 2011 00:23 |
|
He/she's saying you cannot do Topic.all, because Topic isn't it's own document. It is only being embedded in other things. If you were to look at your database you would find a "posts" document and within each post there are many replies and one topic, actually embedded in the post. Not referencing a topic mind you but they're really in there. So there isn't any way to look up Topic.all, you want to use references and referenced_in. That way the post will only reference a topic and not actually contain the topic.
|
# ? Jan 28, 2011 00:44 |
|
I understand what he's saying and it makes perfect sense. I just do not know where in the code to put the changes.
|
# ? Jan 28, 2011 00:49 |
|
Nolgthorn posted:The whole thing with salting started out as a method for deterring one kind of attack a long time ago. It has become standard since then and Bcrypt will actually handle all of that for you. The article talks to you a little bit about that and tells you about worse threats. Now a days, there are what's called "rainbow tables" that you can download that have a precomputed list of password combinations up to certain character lengths. This makes finding the password trivial for unsalted hash values. The time it takes to make a rainbow table is rather long given how complex the function is as well as the number of permutations of passwords. Adding a salt means you have to brute force every password. Having a different salt per password means this calculation must be done for every password. Storing the salt is not useless at all, but in all seriousness you have a much bigger problem with data security if people can access all of your passwords in a database. You can also nearly double the amount of time it takes by hashing the password again with a second salt. I wouldn't do this because if a deterministic way to find a collision is found, having two sources of data can only help an attacker.
|
# ? Jan 28, 2011 09:20 |
|
Ethereal posted:Now a days, there are what's called "rainbow tables" that you can download that have a precomputed list of password combinations up to certain character lengths. This makes finding the password trivial for unsalted hash values. The time it takes to make a rainbow table is rather long given how complex the function is as well as the number of permutations of passwords. But I was merely stating that storing the salt in a separate column is worthless, not that salting is worthless altogether. Salting however, is handled automatically now by Bcrypt and it's all stored nice and cozy in the same column. I hope you don't take offence but rainbow tables are from like 40 years ago grandpa. Bcrypt also automatically supplies a method for doubling or whatever-ing the time it would take to decrypt each password. It's all baked in there so there is certainly no need to double or triple salt anymore. You may have misread my posts on the subject.
|
# ? Jan 28, 2011 10:46 |
|
I just want to bear out my shame for everyone here so that everyone knows to be real careful with syntax. Whats wrong with this line in my model?code:
|
# ? Jan 28, 2011 15:46 |
|
8ender posted:
I always do: code:
|
# ? Jan 28, 2011 15:54 |
|
Ok, I have an association where a User has_man blogs. It works, has the foreign key blah blah blah. What Im trying to do is filter blog posts based on the user who made it. And while I have it working, it only filters based on user_id (which is on the BlogPost model) but I want to filter based on username which is on the User model. Right now, this is what I have to make it work: code:
code:
|
# ? Jan 28, 2011 19:30 |
|
First, params[:username], as you defined in the route. Second, you want code:
|
# ? Jan 28, 2011 23:39 |
|
NotShadowStar posted:First, params[:username], as you defined in the route. ohhhh cool gotcha! thanks! So Im starting to learn about helpers and I found a small code snippet that produces a list of items based on the collection thats passed into it but I dont know how to html_safe it. the OL tags are fine, but everything inside it isnt and I dont know why. Heres my helper: code:
code:
|
# ? Jan 29, 2011 23:51 |
|
rugbert posted:I dont know how to html_safe it. code:
|
# ? Jan 30, 2011 05:13 |
|
So my first application is coming along nicely and now that things are working I would like to add Ajax functionality to some of my views. After doing some research it seems jquery is what I want. So I installed gem jquery-rails, included it in my Gemfile and ran bundle install but it doesn't seem to do anything? In my public/javascripts folder I have code:
Also I'm getting mixed advice in the various tutorial I read. Should I bother with the gem at all or should I just link to Google's library?
|
# ? Jan 30, 2011 20:19 |
|
Yes use jquery-rails because it changes the internal generators from Prototype to jQuery. jquery-rails also loads jQuery when you do javascript_include_tag :defaults. You also need to do 'rake generate jquery:install' to change the internal defaults and remove Prototype. I'm also assuming you're doing Rails 3. Javascript is much, much nicer in general in Rails 3 than 2. Rails 2 dumps automatically generated JS directly on elements everywhere. Rails 3 changes it by adding specific classes and IDs to elements and uses Javascript to target those elements.
|
# ? Jan 30, 2011 20:23 |
|
skidooer posted:
Oh cool thanks. Yea I was confused because I thought content_tag made everything in it html safe. And adding .html_safe wasnt doing anything.
|
# ? Jan 31, 2011 00:09 |
|
Any string when calling html_safe? on it is false unless something explicitly marks it as html_safe http://asciicasts.com/episodes/204-xss-protection-in-rails-3
|
# ? Jan 31, 2011 00:25 |
|
Hello. I am rolling my own pagination. Not using will_paginate has thrust me into a state of uncertainty. Each of the users in my application are seeing different objects on each page and the objects that they see may change from page to page. So it isn't really possible to paginate reliably using a page number, instead I am using starting at and ending at times. If a starting time is specified, I will get x number of objects to display which were posted after that date. If a ending time is specified instead, I will get x number of objects to display which were posted immediately before that date. I also need to reliably know the posting date of the object which follows the last object in my collection as well as whether or not there is a post before the first object in my collection. It's much different from what will_paginate offers is what I'm saying. Can I implement a pagination method onto all my database objects using the lib folder, what is the process for adding a method there?
|
# ? Jan 31, 2011 04:29 |
|
You likely want to roll it as a Module, and include awesome_pagination in the models you want to do it with.
|
# ? Jan 31, 2011 05:41 |
|
|
# ? May 28, 2024 17:17 |
|
That would certainly be the easier way to do it... but how does will_paginate get around this? I've been reading will_paginate and don't think I've been able to decipher very much of it. I could just use a module I include I guess.
|
# ? Jan 31, 2011 05:49 |