Published by Peter Whitehead. Modified over 9 years ago.
1
Ruby on Rails CSCI 6314 David Gaspar Jennifer Garcia Avila
2
What is Ruby on Rails?
Popularly known as “Rails” – open source web application framework
“Opinionated” software – makes the assumption that there is a “best” way to do things, and encourages the use of that way
Full-stack framework – allows creating pages and apps that gather information from the web server, contact/query the database, and render templates out of the box
– As a result, it features a routing system that is independent of the web server
3
How Rails is similar to other frameworks
Emphasizes the use of well-known software engineering patterns and principles
– Active Record Pattern: software architectural pattern in which an object stores its data in a relational database table
– Convention over Configuration (CoC): makes the code simpler without losing flexibility (decreases the number of decisions a developer has to make)
– Don’t Repeat Yourself (DRY) principle: reducing repetition of information of all kinds (Single Source of Truth). “Every piece of knowledge must have a single, unambiguous, authoritative representation within a system” (Andy Hunt and Dave Thomas)
– Model-View-Controller (MVC): separates the representation of information from the user’s interaction with it
4
History of Rails
David Heinemeier Hansson released Rails as open source in July 2004
October 2007 – Apple shipped Rails with Mac OS X v10.5 (Leopard)
Current version – 4
5
Notable sites that use Ruby on Rails
6
Version   Date       Notable Enhancements
1.0       12/13/05
1.2       1/19/07
2.0       12/7/07
2.1       6/1/08
2.2       11/21/08
2.3       3/16/09    Major new developments in templates, engines, Rack, and nested model forms
3.0       8/29/10    Merb merged with Rails
3.1       8/31/11    Reversible DB Migrations, Asset Pipeline, Streaming, jQuery, CoffeeScript and Sass (added to stack)
3.2       1/20/12    Faster development mode and routing engine (Journey), Automatic Query Explain, and Tagged Logging
4.0       6/25/13    Introduces Russian Doll Caching (nesting fragment caches to maximize cache hits), Turbolinks (no need to recompile JS and CSS between each page change; only the body and the title in the head are replaced) and Live Streaming
7
Security vulnerabilities to note
Previous versions of Rails suffer from a vulnerability that allows hackers to hijack user accounts through the use of session cookies
RoR uses CookieStore as its default session storage mechanism
– CookieStore holds a user’s entire session hash on the client side in the form of a web browser cookie
– No information about the session is stored in the ‘sessions’ database table, so a log out event does not invalidate the cookie; this effectively makes the cookies valid for life (not best practice)
8
CookieStore vulnerability, cont.
On log out, Rails issues a new empty cookie to the user’s browser in order to overwrite the initial one that was authenticated. The new cookie is used from that point forward, BUT:
– There is no way to invalidate the old cookie!
Possible attacks:
– XSS (inject client-side scripts into Web pages)
– Session sidejacking (attacker uses packet sniffing to read network traffic between two parties to steal the session cookie)
9
Mitigating the vulnerability
Rails 4 can encrypt the cookie value – upgrade to 4 from the current version
Enforce a TTL on a session by storing a TTL value within the session; validate it when the session is read, then update the TTL value when the session is written
Don’t use CookieStore
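The TTL mitigation above, as an added example in plain Ruby (not code from the presentation or from Rails): the session is modelled as the hash CookieStore round-trips in the cookie; SESSION_TTL, SessionTtl and check_session are constructed names, and check_session stands in for a Rails before_action.

```ruby
# Constructed example: bound the lifetime of a CookieStore session with an
# absolute expiry kept inside the session itself, since the server cannot
# revoke a signed cookie it has already handed out.
SESSION_TTL = 15 * 60  # 15 minutes; a constructed choice, tune per app

module SessionTtl
  module_function

  # Called when the session is written (login, or any request that uses it):
  # stamps a fresh expiry so ongoing activity keeps the session alive.
  def touch(session, now: Time.now)
    session[:expires_at] = (now + SESSION_TTL).to_i
    session
  end

  # Called when the session is read: reject a cookie whose TTL has lapsed,
  # even though its signature is still valid (CookieStore cannot revoke it).
  # A session with no expiry at all is treated as invalid, never as eternal.
  def valid?(session, now: Time.now)
    exp = session[:expires_at]
    exp.is_a?(Integer) && now.to_i < exp
  end
end

# Stand-in for a Rails before_action (not Rails code): returns :ok when the
# session may be used (and refreshes its TTL), :reset when it must be discarded
# and the user sent back to login.
def check_session(session, now: Time.now)
  return :reset unless SessionTtl.valid?(session, now: now)
  SessionTtl.touch(session, now: now)
  :ok
end

if __FILE__ == $0
  t0 = Time.at(1_700_000_000)                       # constructed login time
  session = SessionTtl.touch({ user_id: 42 }, now: t0)
  replayed_copy = session.dup                       # an old cookie presented later
  puts check_session(session, now: t0 + 60)         # :ok, within the TTL
  puts check_session(replayed_copy, now: t0 + 3600) # :reset, TTL elapsed
end
```

The old cookie still carries a valid signature after logout; the TTL check is what limits how long a stolen or leftover copy remains usable.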
11
Setup
Ruby can be installed from http://rubyinstaller.org/
Ruby on Rails is installed and run from the Ruby command line:
“$ gem install rails” installs Rails
“$ rails new ” creates a project
“$ rails server” starts the Rails server
12
Model-View-Controller
Ruby on Rails uses the Model-View-Controller architecture.
Controllers receive and process the request from the user.
Models are objects that are used to create and edit the database.
Views send viewable HTML back to the user.
13
Controller
Controllers are created with this command in the Ruby command line: “$ rails generate controller ”
– This command creates multiple files used by the controller, including the view, which has the action’s name
– This command also creates the routing that sends the user’s requests to the controller.
14
View
Views are created along with the controller or can be created separately.
Views include HTML and Ruby code
– Ruby is embedded inside “ ” tags
15
Model
Models are used to create and edit database tables.
“$ rails generate model (attribute name:attribute type …)”
– E.g. “$ rails generate model Post title:string text:text”
– “$ rake db:migrate” must be run to create the table.
16
Model Example
Saving data using a model:

  # Controller action: build a Post from the permitted form fields only,
  # save it, then redirect to the new record
  def create
    @post = Post.new(params[:post].permit(:title, :text))
    @post.save
    redirect_to @post
  end
17
Assignment
Go to http://tryruby.org and work through the tutorial
Screenshot the last page with your code to create the popup with your blog entries
Email the screenshot to jenniferleegarcia@gmail.com