Enhance Speed of your web app with Backbone.js

Backbone.js is a popular open source JavaScript framework that lets us build single-page web applications. It offers an MVC structure for organizing JavaScript application code.


What is Backbone.js?

  • Building single-page web apps or complicated user interfaces gets extremely difficult with jQuery alone. JavaScript libraries are great at what they do, but without realizing it you can build an entire application without any formal structure. Backbone.js, by contrast, is a lightweight framework that lets us create single-page applications in a structured manner. Backbone.js enforces that communication with the server is done entirely through a RESTful API. The web is trending toward exposing all data through an API, because the browser is no longer the only client; now we have mobile devices, tablets, electronic fridges and so on.
  • Website speed is the demand of the day. Running a website that depends fully on the server is not cost effective in terms of speed. If we depend on the server for everything and every request is served with a page refresh, it will annoy any user. With a client-side MVC architecture like Backbone.js, most of the load on the server is removed: the website depends on the server only for getting JSON data, not for the logic of how to display it.
  • A better user experience is needed by every website that wants more and more users to visit it. Backbone.js provides a very good user experience, as user actions are served on the client machine; the user does not need a page refresh for any action.

Advantages of Backbone.js

  • Streamlined event handling
    When a project grows, the jQuery declarations and callbacks get more complex and the code becomes cluttered. Backbone.js overcomes this problem by providing event-driven communication between views and models. Backbone.js events build on top of regular DOM events, which makes the mechanism very versatile and extensible.
  • Syncing with a back-end
    The models in Backbone.js can be easily tied to a back-end. The framework provides excellent support for RESTful APIs in that models can be mapped to RESTful endpoints.
  • Maintainability by following conventions
    Conventions are a great way to introduce a common coding style without the need to come up with an extensive set of coding standards. Backbone.js is particularly helpful for maintaining a clean code base despite having multiple developers involved in the coding.
  • Organized code
    Backbone.js is a client-side MVC architecture, a design pattern where we separate the data from the way it is defined, manipulated and displayed. It allows you to structure your JavaScript code in an MVC pattern.
  • Speed
    In the MVC platform, the web application depends on the server only for getting JSON data, not for the logic of how to display it. The load on the server is reduced, which helps increase the speed of the website.
  • Reduced data transfer
    Normally when a client searches for a record in the database, it sends a request to the server. The database then processes the request and the server renders the output before sending the response:
    Server -> database processing -> rendering output -> Response
    With Backbone.js the request is sent only for data, and the data is returned from the server in JSON format. That data is manipulated on the client side.


In essence, Backbone is a way to structure your application better. You can easily organize client-side JavaScript code into the MVC pattern of Rails applications. Check out the implementation of Backbone.js in Rails applications.

We have implemented numerous Rails applications with Backbone.js. Two of them are KurrentJobs and OrangeGigs.

Please share your experience of implementation of Backbone.js in Rails.


12 Security Checks to Perform Before Launching Your Rails App

In today’s interconnected world, software security is paramount. With the rise in cyber threats and the potential for data breaches, it’s crucial to ensure that your Rails application is fortified against vulnerabilities before releasing it into the wild.

Neglecting security checks can lead to devastating consequences, tarnishing your reputation and putting sensitive user data at risk.

The possible threats include hijacking of user accounts, manipulation of access control, access to sensitive data and doctoring of content with garbage. You should act proactively to protect your valuable information.

In this comprehensive guide, we’ll walk you through the essential security checks you must perform after Rails app development and before launching your Rails app.

Here are some useful security tips which you cannot ignore. Courtesy of the Ruby on Rails Security Guide.

  • Don’t trust logged in users (Authentication != Authorization)

    • Always check whether the currently logged-in user is allowed to perform an operation like create, update, delete or view.
    • Devise, a library which handles authentication, can verify that you only reach the destroy action if you’re logged in. However, Devise does not handle authorization.
    • Apart from authentication, authorization must be checked before allowing any data-sensitive operation.
  • Mass assignments vulnerability. (Use attr_accessible in your models!)

    • ‘Mass assignment’ is the name Rails has given to the act of constructing your object from a parameters hash. Using mass assignment you can assign multiple attribute values in a single assignment.
    • A params hash can contain anything, so protect all sensitive attributes from being assigned this way. The best way to do this is to restrict mass assignment using ‘attr_accessible’ (or attr_protected) in your models.
  • Prevent your attribute being changed from outside with attr_readonly

    • Remember to disable updating of protected attributes.
    • The ‘attr_readonly’ declaration of ActiveRecord allows the attribute to be set on create but never edited on update.
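As an added example that is not part of the original post, here is a minimal pure-Ruby model that mimics what attr_accessible and attr_readonly do, so the effect of a forged params hash (one carrying an extra admin key) can be seen without a database. The class and helper names are ours, not Rails’ own implementation.

```ruby
# Added example (not from the post): a toy model that whitelists mass
# assignment like attr_accessible and freezes create-only attributes like
# attr_readonly. MiniModel/User and the `rejected` list are our own names.
class MiniModel
  class << self
    # Whitelist: only these attributes may be set from a params hash.
    def attr_accessible(*names)
      accessible.concat(names.map(&:to_s))
    end

    # Settable on create, silently dropped on update.
    def attr_readonly(*names)
      readonly.concat(names.map(&:to_s))
    end

    def accessible; @accessible ||= []; end
    def readonly;   @readonly   ||= []; end
  end

  attr_reader :attributes, :rejected

  def initialize(params = {})
    @attributes = {}
    @persisted = false
    assign(params)
    @persisted = true          # simulate the record having been saved
  end

  # Mass assignment with filtering: keys outside the whitelist, or readonly
  # keys on an existing record, are recorded in `rejected` and not applied.
  def assign(params)
    @rejected = []
    params.each do |key, value|
      name = key.to_s
      blocked = !self.class.accessible.include?(name) ||
                (@persisted && self.class.readonly.include?(name))
      if blocked
        @rejected << name
      else
        @attributes[name] = value
      end
    end
    self
  end
  alias update assign
end

class User < MiniModel
  attr_accessible :name, :email, :account_number
  attr_readonly :account_number   # fixed once the record exists
  # :admin is deliberately not accessible, so a params hash can never set it
end

# Constructed params, shaped like a request that smuggles in an "admin" key.
FORGED_PARAMS = { "name" => "alice", "email" => "alice@example.com",
                  "account_number" => "42", "admin" => true }.freeze
```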
  • SQL Injection(SQLi)

    • SQL injection (SQLi) is a code injection technique in which a user can manipulate a database in an unintended manner. Consequences of SQL injection vulnerabilities range from data leaks, to authentication bypass, to root access on a database server.
    • To avoid it, never include user-submitted strings in database queries. Check all model scopes and find conditions that include ‘params’ or interpolated strings.

    Instead of unsafe code like this

        Post.all(:conditions => "title = #{params[:title]}")

    you can have safer, simpler code like this

        Post.all(:conditions => {:title => params[:title]})
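As an added example that is not code from the post, here is a pure-Ruby sketch of what the hash form does for you: it turns {column => value} into SQL text that contains only placeholders, plus a separate list of bind values, so user data never becomes part of the statement. ActiveRecord does this internally; the helper names here are ours.

```ruby
# Added example (not from the post). Column names are allowed only if they
# look like plain identifiers, because hash keys that come from user input
# would otherwise be spliced into the SQL text just like a raw string.
IDENTIFIER = /\A[a-z_][a-z0-9_]*\z/

# The shape the post warns against: the value is spliced into the SQL text.
def unsafe_conditions(params)
  "title = #{params[:title]}"
end

# Hash conditions compiled to "col = ?" fragments plus a separate bind list.
# Values never become part of the SQL text; nil and arrays are handled too.
def compile_where(conditions)
  fragments = []
  binds = []
  conditions.each do |column, value|
    name = column.to_s
    raise ArgumentError, "bad column name: #{name.inspect}" unless name.match?(IDENTIFIER)
    case value
    when nil
      fragments << "#{name} IS NULL"
    when Array
      fragments << "#{name} IN (#{(['?'] * value.size).join(', ')})"
      binds.concat(value)
    else
      fragments << "#{name} = ?"
      binds << value
    end
  end
  [fragments.join(" AND "), binds]
end

# Constructed params: an ordinary title with an apostrophe is enough to show
# the difference; no attack string is needed.
PARAMS = { title: "Rails' Security", status: "published" }.freeze
```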
  • Prevent executable files from being uploaded

    • Always distrust user/browser-provided information when deciding a file’s MIME/content type.
    • Validate the content type of all attachments, and place uploaded files in protected directories or on another server/service, e.g. S3/CloudFront.
    • Content types can easily be faked, so check the file extensions and be sure to stop your web server from executing scripts in the upload directory.
    • Also, beware of plugins creating or writing in temp directories during a file upload operation. They may create files or directories from user-submitted ‘params’ without checking the file path.
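An added example, not from the post: validating an upload by its leading bytes (magic numbers) instead of the browser-supplied Content-Type, and requiring the file extension to agree. The signatures are the standard ones for PNG, JPEG, GIF and PDF; the helper names and sample files are constructed.

```ruby
# Added example (not from the post): content sniffing for uploads.
require "stringio"

# Leading-byte signatures for the types we accept (binary strings).
MAGIC = {
  "image/png"       => ["\x89PNG\r\n\x1a\n".b],
  "image/jpeg"      => ["\xFF\xD8\xFF".b],
  "image/gif"       => ["GIF87a".b, "GIF89a".b],
  "application/pdf" => ["%PDF-".b],
}.freeze

ALLOWED_EXTENSIONS = {
  "image/png" => %w[png], "image/jpeg" => %w[jpg jpeg],
  "image/gif" => %w[gif], "application/pdf" => %w[pdf],
}.freeze

# Detects the type from the first bytes of the IO; nil if unrecognised.
def sniff_type(io)
  head = io.read(8).to_s.b
  io.rewind
  MAGIC.each { |type, sigs| return type if sigs.any? { |s| head.start_with?(s) } }
  nil
end

# Validates one upload. `declared` is the client-sent Content-Type: it is
# compared against the sniffed type but never used to decide. Returns
# [ok, detail], where detail is the detected type or the reason for rejection.
def validate_upload(filename, declared, io)
  ext = File.extname(filename.to_s).delete_prefix(".").downcase
  real = sniff_type(io)
  return [false, "content not recognised as an allowed type"] if real.nil?
  unless ALLOWED_EXTENSIONS[real].include?(ext)
    return [false, "extension #{ext.inspect} does not match content type #{real}"]
  end
  return [false, "declared #{declared} but content is #{real}"] if declared && declared != real
  [true, real]
end

# Constructed samples: a PNG signature padded with zeros, and a shell script
# that a client might upload under an image file name.
PNG_BYTES    = ("\x89PNG\r\n\x1a\n" + "\x00" * 16).b
SCRIPT_BYTES = "#!/bin/sh\necho hello\n".b
```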
  • Avoid Redirection

    • Avoid redirects to user-supplied URLs like redirect_to(params[:some_parameter]).
    • When the argument for a redirect comes from ‘params’, you are open to redirects to unintended URLs.
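An added example, not from the post: a redirect-target check that returns only a same-site path or an https URL to an explicitly allowed host, falling back to a fixed default otherwise. The host list and helper names are ours.

```ruby
# Added example (not from the post): never hand params[:...] to redirect_to
# directly; pass it through a check like this one first.
require "uri"

ALLOWED_HOSTS = %w[www.example.com example.com].freeze   # constructed list
DEFAULT_PATH  = "/".freeze

# Returns a location that is safe to pass to redirect_to: a same-site path,
# or an https URL to a whitelisted host. Anything else becomes DEFAULT_PATH.
def safe_redirect_target(param, allowed_hosts: ALLOWED_HOSTS)
  target = param.to_s.strip
  return DEFAULT_PATH if target.empty?
  uri = URI.parse(target)
  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: require exactly one leading "/" so that a
    # protocol-relative "//host/..." cannot leave the site.
    return DEFAULT_PATH unless uri.path.start_with?("/") && !uri.path.start_with?("//")
    return uri.to_s
  end
  # Absolute URL: only https and only to hosts we explicitly allow.
  return DEFAULT_PATH unless uri.scheme == "https" && allowed_hosts.include?(uri.host)
  uri.to_s
rescue URI::InvalidURIError
  DEFAULT_PATH
end
```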
  • Security updates and patches of Gems and Plugins

    • Always check your dependencies for security updates and patches.
    • If possible subscribe to the GitHub issues list (or any mailing list) of the gems or plugins you are using.
    • Always specify the version to avoid undesirable breaks to your code.
  • Passwords in the database

    • Never store passwords in the database as clear text.
    • Encourage strong alphanumeric passwords and, if necessary, follow other strong-password practices (such as limiting failed logins, password expiry/reset, etc.).
    • Store only the encrypted (hashed) password in your database, like the one Devise generates.
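An added example, not from the post: what a stored password looks like when it is hashed with a per-user salt rather than kept in clear text, using the standard library’s PBKDF2-HMAC-SHA256 so it runs without the bcrypt gem (bcrypt, which Devise uses, remains the better choice in a real app). The storage format and helper names are ours.

```ruby
# Added example (not from the post): salted, iterated password hashing and
# constant-time verification using only the openssl standard library.
require "openssl"

ITERATIONS = 100_000
SALT_BYTES = 16
KEY_BYTES  = 32

# Returns "pbkdf2-sha256$iterations$hex(salt)$hex(key)" for storage.
# A fresh random salt means two users with the same password store
# different values.
def hash_password(password, iterations: ITERATIONS)
  salt = OpenSSL::Random.random_bytes(SALT_BYTES)
  key  = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                  length: KEY_BYTES, hash: "sha256")
  ["pbkdf2-sha256", iterations, salt.unpack1("H*"), key.unpack1("H*")].join("$")
end

# Constant-time comparison so timing does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verifies a candidate against a stored string; returns false (rather than
# raising) for a malformed or clear-text record.
def verify_password(stored, candidate)
  algo, iters, salt_hex, key_hex = stored.to_s.split("$", 4)
  return false unless algo == "pbkdf2-sha256" && iters.to_i > 0 && salt_hex && key_hex
  salt = [salt_hex].pack("H*")
  key  = OpenSSL::KDF.pbkdf2_hmac(candidate, salt: salt, iterations: iters.to_i,
                                  length: KEY_BYTES, hash: "sha256")
  secure_equal?(key.unpack1("H*"), key_hex)
end
```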
  • Make non-ActionController methods private

    • Check whether the methods you have declared in a controller are accessible to the public.
    • Adjust your ‘routes’ accordingly so that such methods are private and inaccessible to the public.
  • Include CSRF token in all form submissions

    • Include the ‘csrf_meta_tag’ helper in the HTML head tag in Rails 3.
    • Enable ‘protect_from_forgery’ and use the form helpers to include the Rails authenticity token in all form submissions.
  • Cross-Site Scripting (XSS)

    • Cross-site scripting attacks occur when malicious scripts are injected into web pages and executed in users’ browsers.
    • Employ content security policies (CSP), sanitize user-generated content, and use proper escaping methods to prevent this attack vector.
  • Cross-Site Request Forgery (CSRF)

    • CSRF attacks exploit the trust a website has in a user’s browser by tricking it into executing unwanted actions on the site.
    • Protect against this threat by implementing CSRF tokens in your forms and utilizing the built-in Rails mechanisms.

SEE ALSO: Security Patch to deal authentication bypass for RoR

Conclusion

The security of your Rails application is not a feature that can be bolted on at the last moment. It should be an integral part of your development process from day one.

By conducting comprehensive security checks before releasing your app, you demonstrate your commitment to safeguarding user data and maintaining the trust of your audience.

In a digital landscape where threats are ever-evolving, a proactive approach to security is not just a best practice—it’s a necessity.

Rails app developers always maintain a checklist of security measures to take before releasing the app. Top Rails app development companies have even more stringent security measures and follow them from the inception of the app development.

Related Questions

Q1: What is the first step in ensuring the security of a Rails app before its release?

A1: The first step is to perform a thorough code review and security assessment of your application. This involves analyzing the codebase for potential vulnerabilities, checking for proper implementation of authentication and authorization, and reviewing the usage of third-party libraries and dependencies.

Q2: How can I prevent SQL injection attacks in my Rails app?

A2: To prevent SQL injection attacks, you should use parameterized queries or an ORM (Object-Relational Mapping) framework like ActiveRecord. Avoid constructing SQL queries using string concatenation and ensure that user inputs are properly sanitized before being used in queries.

Q3: What measures can I take to protect against Cross-Site Scripting (XSS) attacks in my Rails app?

A3: To protect against XSS attacks, implement Content Security Policies (CSP) to restrict the sources of executable content, sanitize user-generated inputs to prevent the injection of malicious scripts, and use proper output escaping methods, such as using the h helper, when displaying dynamic content.

Q4: How do I handle secure session management in my Rails app?

A4: Secure session management involves setting appropriate session expiration times, using secure and HTTP-only cookies, and ensuring proper handling of session logout upon user inactivity. Rails provides mechanisms like protect_from_forgery and the session helper to help with these aspects.

Q5: Why is it important to update third-party dependencies in my Rails app?

A5: Third-party libraries and gems often contain vulnerabilities that can be exploited by attackers. Regularly updating and patching these dependencies is crucial to address known security issues. You can use tools like Bundler Audit to identify and mitigate potential risks associated with third-party code.


Sweet Journey | New IOS App From Andolasoft

We are excited to announce that ‘Sweet Journey’, a diary app, is now in the App Store. Deployed last week, it got an overwhelming response with over 100 downloads around the world. It is a personal diary on the go. You can use it as a journal or photo album to keep your memories safe. Capture photos and videos and take notes, all in one app.

Download ‘Sweet Journey’ from App-Store


Journals and diaries are great to use, but they are vulnerable to threats like damage or loss. So, we came up with a unique app idea to make note taking easier. If you like to carry around a journal and scribble notes, why not capture that on your iPhone or iPad? It would be easier, faster and more insightful. You can do more than just write notes and take photos.

What You Can Do With Sweet Journey

  • Create notes with date and time
  • Capture snaps and videos with tags and timestamp
  • Record voices with tags and timestamp
  • Save photos with Geo-tag to see in map view, based on location
  • Store memories in one gallery and sort as per day, month and year

Here’s What We Did:

  • Designed the application logo, user interfaces (UI/UX) and animation effects
  • Developed the app in a native language, i.e. Objective-C with the Cocoa Touch framework
  • Devised the application process and flow from navigation to monetization
  • Implemented the Tapku SDK
  • Used the iCarousel library for paged and scroll views
  • Deployed the app to the App Store within 3 weeks of the project’s initiation

So, go ahead; download the app and see how ‘SweetJourney’ can help memories last forever. Feel free to write reviews in iTunes.


Supercharge your Rails app development with “Metric_fu”

Why do we need Metric_fu?

Sometimes we are unaware of hidden complexities in our Rails code and it gets messy. Moreover, this reduces application performance, scalability and maintainability.

What is Metric_fu?

Metric_fu is a set of rake tasks and a compilation of several different tools that produce reports. These show which parts of your Rails code might need extra work. It uses the following built-in tasks to create a series of reports.

  • Rcov – Measures test coverage
  • Flog – Measures code complexity
  • Saikuro – Measures cyclomatic complexity
  • Flay – Finds duplication (both copy/paste and structural)
  • Reek – Spots code smells
  • Roodi – Finds lots of general problems
  • Churn – Identifies files that change too often
  • Rails best practices – Code metric tool
  • Cane – Code quality threshold violations
  • HotSpot – Meta analysis of your metrics to find hotspots in the code

Benefits of Metric_fu

  • Measures the complexity of Rails code
  • Creates a “hit list” of the most complex methods
  • Reveals hidden issues like bugs and other complexities
  • Examines the worst offenders
  • Helps refactor complex methods
  • Leads to smaller, easier-to-understand methods

Step#1

  • Add the ‘metric_fu’ gem to your Gemfile
      gem "metric_fu"
  • Run “bundle install”

Metric_fu will install several other dependencies unless they are already present.
These include Flay, Flog, Rcov, Reek, Facets and Roodi.

  • Run the following command to generate the metrics
      rake metrics:all

It generates the metrics for your code in the tmp/metric_fu directory,
using a number of other open source projects to produce them.

Code analysis isn’t an exact science and none of the tools shown are perfect in themselves.
They should all be used as an aid to help you find complex areas of your code and supercharge Rails app development.

Andolasoft Awarded As TOP #21 iPhone App Development Company


It is a great privilege to announce that Andolasoft has been ranked 21st in the Top 25 iPhone app development companies by bestwebdesignagencies.com. Heartfelt thanks to our customers for their continued appreciation, which helped us get here today.

Needless to say, our top-notch iOS app developers and our efficient project management team, who have been providing excellent customer service, won us the rank.

Few more reasons behind our success:

  • Easy-to-use iPhone app with rich and engaging user experience
  • Agile methodology to facilitate rapid mobile app development
  • Step-by-step guidance and suggestions to our customers starting from creating an App-Store account, publishing and marketing their application
  • We provide the right technical help and resources to our customer’s need
  • Industry Best Practices
  • We help customers become knowledgeable in building as well as promoting their applications
  • On-time delivery
  • Fast and responsive communication support
  • Quick turnaround service

bestwebdesignagencies.com is an independent body that identifies and lists the best design and development companies in the world. Its purpose is to help customers find the best names in the industry. It adopts a stringent evaluation process to determine the quality of work delivered by a company and customer satisfaction.

Things You Should Know Before Planning Your Mobile App-Part-I

When you look at all the popular apps, you too are tempted to have one of your own; however, it can’t be done overnight, because there are thousands of mobile app programmers and companies who may be thinking of doing very similar things. A successful mobile app takes lots of hard work and well-defined requirements. You need to think about the main development aspects before planning your mobile app.

Basic Steps You Need to Know For Developing Mobile App:

From our experiences, here are some guidelines you must go through if you are planning to develop a successful mobile app:

  1. The most crucial step is to come up with an innovative idea. Here, you need to make sure that there is little or no competition for it.
  2. Identify your target audience and build your app from their perspective, something that is more likely to be appreciated by these users.
  3. Judge and determine the major pain points and challenges that you expect to face with your application. You should hire a dedicated development team who can understand your specific business requirements and turn your ideas into a working app.
  4. Make sure that your app provides good usability and practical value to the users, i.e. they should find your app useful and productive.
  5. Your app should have a solid build with no loose ends. Make sure to run a vigorous crash test and beta test phase before actually publishing it. The user experience must be intuitive as well as engaging. If you are going to integrate APIs, ensure that they are robust and don’t generate glitches in the application.
  6. After publishing your app to the application stores, you need to start promoting and marketing your application. One of the best ways to reach a wider audience is by promoting it over social media. Next, you will have to gather as much positive feedback from users as possible.
  7. You should offer constant support to your customers by addressing their comments, expectations and complaints. Then you should release updates and new features for your app to woo your existing customers as well as attract the attention of new ones.
  8. Offering basic features for free and then selling premium content is a popular way to keep users hooked and to gain traction. Also make sure that the app is noticed and favored by your customers.

iOS application development and Android app development can be executed and managed easily with the help of expert mobile app developers. Moreover, it is advisable to outsource mobile application development tasks to development companies. Hiring a professional development company would help you build flawless and unique mobile apps that greatly increase revenue.