Tag: Rails application

How to Boost Performance Of Your Rails App Using DynamoDB And Memcached

Posted on by Anurag Pattnaik

With the increasing number of apps going live on the web, it’s becoming common to see that they use multiple servers. This is mainly due to scalability and availability purposes. But, these types of applications are also often not as responsive as they should be. Using a simple gem called DynamoDB and Memcached will allow you to achieve higher performance in your Rails app. Let me explain,

What is Memcached

Memcached is a high performance, free and open source distributed memory caching system used to speeding up dynamic web applications by alleviating database load. Memcached is simple yet powerful. Its simple design promotes quick deployment, ease of development, and solves many problems facing large data caches.

It is used for speeding up dynamic web applications by reducing database load. In other words, every time a database request is made it adds additional load to the server. Memcached reduces that load by storing data objects in dynamic memory (think of it as short-term memory for applications). Memcached stores data based on key-values for small arbitrary strings.

How does Memcached work?

Memcached is comprised of four main components

  1. Client software – Which is given a list of available Memcached servers
  2. A client-based hashing algorithm – Chooses a server based on the “key”
  3. Server software – Stores values and their keys into an internal hash table
  4. LRU – Determines when to throw out old data or reuse memory

Each item is comprised of a key, expiration time, and raw data.

At a high-level Memcached works as follows:

  1. The client requests a piece of data which Memcached checks to see if it is stored in cache.
  2. There are two possible outcomes here:
    1. If the data is stored in cache: return the data from Memcached (no need to check the database).
    2. If the data isn’t stored in cache: query the database, retrieve the data, and subsequently store it in Memcached.
  3. Whenever information is changed or the expiry value of an item has expired, Memcached updates its cache to ensure fresh content is delivered to the client.

A few important points about Memcached architecture include:

  • Data is only sent to one server.
  • Servers don’t share data.
  • Servers keep values in RAM. If RAM runs out the oldest value is discarded.

What is DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. With DynamoDB, you can create database tables that can store and retrieve any amount of data and serve any level of request traffic. You can scale up or scale down your tables’ throughput capacity without downtime or performance degradation.

DynamoDB is a particularly good fit for the following use cases

  • Applications with large amounts of data and strict latency requirements
  • Server less applications using AWS Lambda
  • Data sets with simple, known access patterns

Installing Memcached

There are a few ways you can install Memcached. Depending on which system you’re using, the method will vary. As outlined on the official Memcached Installation Wiki, installation from a package is simple.

Using Memcached with DynamoDB in Rails

Memcached is a quick in-memory protest reserving framework that can make Rails run much quicker with not very many changes. Memcached will work on any database used in Rails application.

When the table is small and request volume is low this isn’t much of an issue, but as your database and user volume grow, these can impact the performance of your application. In such cases Memcached plays an important role to reduce the database load by caching the request object in memory.

To use Memcached in Rails app, follow the below steps

Install dalli gem

[code language=”css”]gem ‘dalli'[/code]

Add “dalli” gem to your gem file and install it.

 Development/Production file

[code language=”css”]config.cache_store = :dalli_store</em><em> </em><em>config.action_controller.perform_caching = true[/code]

 Add the above lines in your development.rb or production.rb file as per the requirement

Add Memcached in your method

[code language=”css”]search_query = "user_id = :user_id AND is_approved = :is_approved"
search_param = {":user_id" =&gt; params[:user_id], ":is_approved" =&gt; ‘t’}
all_games = Rails.cache.fetch(‘all_lists’, expires_in: 2.minutes)
{
do_scan(Article.table_name,search_query,search_param)
}[/code]

The above query syntax is an example of combination of Memcached and DynamoDB. In this example once the query executed and the result will store in the “all_list” key of the Memcached and expire after 2 minutes automatically.

Conclusion:

DynamoDB and Memcached is a powerful combination for your Rails app. If you’re looking to improve the performance of your Rails application, this may be the solution for you.

DynamoDB and Memcached involves storing information in an external database, which can be retrieved with a single call. This will allow you to avoid the constant querying of data from your application’s memory.

There are many benefits to this gem, but most importantly, increased response time for your application. Faster response times mean less downtime and more satisfied customers.

You have rails application but don’t know how to maximize the performance with DynamoDB and Memcached. Andolasoft has experienced rails developer who has good hands on DynamoDB and Memcached. So fell free to discuss about your project. Book a free consultation

12 Security Checks to Perform Before Launching Your Rails App

Posted on by Srikant M.

In today’s interconnected world, software security is paramount. With the rise in cyber threats and the potential for data breaches, it’s crucial to ensure that your Rails application is fortified against vulnerabilities before releasing it into the wild.

Neglecting security checks can lead to devastating consequences, tarnishing your reputation and putting sensitive user data at risk.

The possible threats could be hijacking user accounts, manipulation of access control, accessing sensitive data & doctoring with garbage contents. You should act proactively to protect your valuable information.

In this comprehensive guide, we’ll walk you through the essential security checks you must perform after Rails app development and before launching your Rails app.

Here you go with some useful security tips which you cannot ignore. Courtsey, Ruby on Rails Security Guide.

  • Don’t trust logged in users (Authentication != Authorization)

    • Always check whether the current logged in user is allowed to perform operation like create, update, delete and view.
    • Devise, a library which handles authentication, to verify that you can only get to the destroy action if you’re logged in. However, Devise does not handle authorization.
    • Apart from authentication authorization must be checked prior to allow any data sensitive operation.

  • Mass assignments vulnerability. (Use attr_accessible in your models!)

    • ‘Mass Assignment’ is the name Rails has given to the act of constructing your object with a parameters hash. Using “mass assignment” that you can assign multiple values to attributes via a single assignment operator.
    • A ‘params hash’ can contain anything, so protect all sensitive attributes from re-assignment. The best way to do this is by disabling mass assignment using ‘attr_accessible’ (or attr_protected) in your models.

  • Prevent your attribute being changed from outside with attr_readonly

    • Remember to disable updating protected attributes.
    • Using ‘attr_readonly’ declaration of ActiveRecord allows the attribute to be set on create, but never edited on update.

  • SQL Injection(SQLi)

    • SQL injection (SQLi) is a code injection technique in which a user can manipulate a database in an unintended manner. Consequences of SQL injection vulnerabilities range from data leaks, to authentication bypass, to root access on a database server.
    • To get rid, never include user submitted strings in database queries. Check all model scopes and find conditions that include ‘params’ or interpolated strings.

    Instead of using such unsafe code

Post.all(:conditions => "title = #{params[:title]}")

You can have safer, simpler code like

Post.all(:conditions => {:title => params[:title]})

  • Prevent executable files from being uploaded

    • We should always distrust the user/browser provided information, to make decisions on a file’s mime/content type.
    • Validate the content type of all attachments, and place uploaded files in protected directories or on another server/service e.g. S3/Cloudfront.
    • Content-types can easily faked, so check the file extensions and be sure to disable your web server from executing scripts in the upload directory.
    • Also, beware of plugins creating or writing in temp directories during file upload operation.They may create files or directories from user submitted ‘params’ without checking the file path.

  • Avoid Redirection

    • Avoid using redirects to user supplied URLs like redirect_to(params[:some_parameter]).
    • When the arguments for a redirect comes from ‘params’, you are open to redirect to unintended URLs.

  • Security updates and patches of Gems and Plugins

    • Always check your dependencies for security updates and patches.
    • If possible subscribe to the GitHub issues list (or any mailing list) of the gems or plugins you are using.
    • Always specify the version to avoid undesirable breaks to your code.

  • Passwords in the database

    • Never ever store passwords in the database as clear text.
    • Encourage strong alphanumeric passwords and if necessary follow other strong password practices (like multiple failed logins, password expiry/reset etc.)
    • Keep encrypted password in your database like the one devise generates.

  • Make non-ActionController methods private

    • Check whether the methods you have declared in a controller is accessible to the public.
    • Change accordingly in your ‘routes’ so that it is private and inaccessible to the public.

  • Include CSRF token in all form submissions

    • Include ‘csrf_meta_tag’ helper in the HTML head tag in Rails 3.
    • Enable ‘protect_from_forgery’ and use form helpers to include the Rails authenticity token in all form submissions.

  • Cross-Site Scripting (XSS)

    • Cross-site scripting attacks occur when malicious scripts are injected into web pages and executed in users’ browsers. 
    • Employ content security policies (CSP), sanitize user-generated content, and use proper escaping methods to prevent this attack vector.

  • Cross-Site Request Forgery (CSRF)

    • CSRF attacks exploit the trust a website has in a user’s browser by tricking it into executing unwanted actions on the site. 
    • Protect against this threat by implementing CSRF tokens in your forms and utilizing the built-in Rails mechanisms.

SEE ALSO: Security Patch to deal authentication bypass for RoR

Conclusion

The security of your Rails application is not a feature that can be fixed on at the last moment. It should be an integral part of your development process from day one.

By conducting comprehensive security checks before releasing your app, you demonstrate your commitment to safeguarding user data and maintaining the trust of your audience.

In a digital landscape where threats are ever-evolving, a proactive approach to security is not just a best practice—it’s a necessity.

Rails app developers always maintain a checklist of security measures to take before releasing the app. Top Rails app development companies have even more stringent security measures and follow them from the inception of the app development.

Related Questions

Q1: What is the first step in ensuring the security of a Rails app before its release?

A1: The first step is to perform a thorough code review and security assessment of your application. This involves analyzing the codebase for potential vulnerabilities, checking for proper implementation of authentication and authorization, and reviewing the usage of third-party libraries and dependencies.

Q2: How can I prevent SQL injection attacks in my Rails app?

A2: To prevent SQL injection attacks, you should use parameterized queries or an ORM (Object-Relational Mapping) framework like ActiveRecord. Avoid constructing SQL queries using string concatenation and ensure that user inputs are properly sanitized before being used in queries.

Q3: What measures can I take to protect against Cross-Site Scripting (XSS) attacks in my Rails app?

A3: To protect against XSS attacks, implement Content Security Policies (CSP) to restrict the sources of executable content, sanitize user-generated inputs to prevent the injection of malicious scripts, and use proper output escaping methods, such as using the h helper, when displaying dynamic content.

Q4: How do I handle secure session management in my Rails app?

A4: Secure session management involves setting appropriate session expiration times, using secure and HTTP-only cookies, and ensuring proper handling of session logout upon user inactivity. Rails provides mechanisms like protect_from_forgery and the session helper to help with these aspects.

Q5: Why is it important to update third-party dependencies in my Rails app?

A5: Third-party libraries and gems often contain vulnerabilities that can be exploited by attackers. Regularly updating and patching these dependencies is crucial to address known security issues. You can use tools like Bundler Audit to identify and mitigate potential risks associated with third-party code.

 

Unveiling FeedZirra: Simplifying Feed Parsing in Your Rails Application

Posted on by Srikant M.

What is a Feed?

A feed is a data format which is used to provide frequent updates and latest contents to the users. A feed has no particular type; it could be news, latest technology, game, gadgets, sports etc. These feeds can be easily parsed into your Rails application to make it more useful for the users. The feed is build up with XML and has particular format type.

What is Feedzirra?

“Feedzirra” on the other hand is a feed library built on Ruby that is designed to get and update a number of feeds as fast as possible. This includes using “libcurl-multi” through the “curb” gem for faster http gets, and “libxml” through “nokogiri” and “sax-machine” for faster parsing.

Suppose you need to add some updated information to your Rails application from other feed site like ‘feedburner’, in such cases you can easily work it out by using the gem “feedzirra”.

Here are the steps to use ‘feedzirra’ in your Rails application.

Step-1

Add the gem ‘feedzirra’ in to your gem file.

[sourcecode language=”plain”]gem ‘feedzirra'[/sourcecode]

Run ‘bundle install’ to install the gem along with its dependencies.

Step-2

Modify your controller where you are fetching the feeds.

[sourcecode language=”plain”]require ‘feedzirra'[/sourcecode]

Step-3

Now, write the following code in your method in order to parse feeds from an external site.

[sourcecode language=”plain”]feed =Feedzirra::Feed.fetch_and_parse("http://feeds.feedburner.com/TechCrunch/gaming")
@entry = feed.entries
[/sourcecode]

Note: Here we are parsing the feeds from ‘feedburne’r site with updated information on gaming news.

Step-4

Now, open your view section and write the following code snippet to display the information regarding the feeds.

[sourcecode language=”plain”]<ul>
<%@entry.each do |t|%>
<li>
<%= link_to "#{t.title}", "#{t.url}",:target => "_blank" %>
<%=t.author%>
<%=t.content%>
<%=t.published%>
<%=t.categories%>
</li>
<%end%>
</ul>
[/sourcecode]

Note: The above code will display the feed title, author name, content, published date and category type. Clicking the feed title, will launch a new tab in browser and display the detail information of that feed.

Step-5

You can also fetch multiple feeds by writing the following code.

[sourcecode language=”plain”]feed_urls = ["http://feeds.feedburner.com/PaulDixExplainsNothing", "http://feeds.feedburner.com/trottercashion"]
feeds = Feedzirra::Feed.fetch_and_parse(feed_urls)
[/sourcecode]

Conclusion:

The FeedZirra gem empowers Rails developers to seamlessly integrate feed parsing capabilities into their applications. 

Are you looking for a Ruby on Rails developer

Contact Us

Whether you’re building a news aggregator, a blog reader, or a content recommendation system, FeedZirra simplifies the process of retrieving and presenting timely content from various sources. 

By harnessing the power of FeedZirra, you can enhance user engagement, keep your app’s content fresh, and deliver a more dynamic user experience.

Related Questions

Q1: What is the FeedZirra gem, and how does it simplify feed parsing in Rails applications?

The FeedZirra gem is a powerful tool in the Ruby ecosystem that provides a user-friendly way to parse RSS and Atom feeds. It abstracts the complexities of handling different feed formats, making it easier for developers to extract and utilize the content they need within their Rails apps.

Q2: How can I integrate the FeedZirra gem into my Rails application for parsing feeds?

To integrate the FeedZirra gem into your Rails app, start by adding it to your Gemfile with the following line: gem ‘feedzirra’. After running bundle install, you can fetch and parse feeds using the Feedzirra::Feed.fetch_and_parse method. This allows you to access the feed’s entries (articles) and display them in your app.

Q3: What are some of the advanced features offered by the FeedZirra gem for feed parsing in Rails?

The FeedZirra gem provides several advanced features, including access to various properties of feed entries such as publication date, author, summary, and content. It also offers automatic HTML content sanitization to ensure safe rendering. Additionally, you can implement caching to reduce the load on feed sources and optimize performance.

Q4: How does the FeedZirra gem benefit developers when integrating feed parsing into their Rails applications?

The FeedZirra gem brings several benefits to developers, including streamlined efficiency by handling the intricacies of feed parsing. It supports multiple feed formats (RSS and Atom), making it compatible with a wide range of sources. The gem’s simple API is designed for ease of use, catering to developers of various skill levels. Moreover, it provides customization options to tailor parsed feed content to suit your app’s design and requirements.

Q5: Can the FeedZirra gem be used to enhance user engagement and content freshness in Rails apps?

Absolutely. By utilizing the FeedZirra gem to parse feeds, you can enhance user engagement by providing fresh and relevant content from various sources. Whether you’re building a news aggregator, a blog reader, or a content recommendation system, integrating feed parsing into your Rails app with FeedZirra helps create a dynamic user experience that keeps users informed and engaged.

File Uploading Through Paperclip in Rails 3.x

Posted on by Jay

Rails3Paperclip is an easy file attachment library for Rails Applications. Attached files are saved to the file system, database or cloud and referenced in the browser by an easily understandable specification.

Here is an example to explain the image attachment for a user profile in an application. This example narrates about saving the image in the file system. However, the images can be saved in S3 bucket [Amazon Simple Storage Service, S3] or database.

Step#1

ImageMagick must be installed in the system and Paperclip must have access to it. ImageMagick is a software suite to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats. You can download it by visiting the following URL:

http://www.imagemagick.org/script/index.php

Step#2
Include the paperclip gem in your Gemfile

gem "paperclip"

Then run the bundler to install the gem

bundle install

Step#3
Add the fields for the image processing as below in your migration file

class CreateUsers < ActiveRecord::Migration
def change
create_table :users do |t|
t.string :name
t.string :photo_file_name
t.string :photo_content_type
t.string :photo_file_size
t.timestamps
end
end
end

Then run your migration files

rake db:migrate

Step#4

Modify the user model for cropping and save image in your system folder

has_attached_file :photo, :styles => { :small => "150x150>" },
:url => "/system/:attachment/:id/:style/:basename.:extension",
:path => ":rails_root/public/system/:attachment/:id/:style/:basename.:ex

Here you can specify the file path and the image size as per the requirement.

Step#5
Modify your view file to upload an image

<pre class="plain plain">&lt;%= form_for :user,:url =&gt; {:action =&gt; "create"}, :html =&gt; { :multipart =&gt; true } do |f| %&gt;
&lt;%= f.file_field :photo %&gt;
&lt;% end %&gt;</pre>

Step#6
Write the following code to display the image of a user

<%= image_tag @user.photo.url (:small)%>

Please stay connected with us by subscribing our email.
Also feel free to share your opinions in the comments section below:

Usage of PDFKit with Rails 3.2.8 and Ruby 1.9.3

Posted on by Jay

PDFkit is a powerful library which generates PDF from HTML + CSS. It uses “wkhtmltopdf” on the back-end which renders HTML using Webkit. Here is a simple example which describes the installation of “wkhtmltopdf” and usages of pdfkit. I have used rails 3.2.8 and ruby 1.9.3 as my environment.

Step-1:

Install the “wkhtmltopdf” library

Download the “wkhtmltopdf” library from the link
http://code.google.com/p/wkhtmltopdf/

Windows

  • Download the exe file and install it.
  • Remember the installation path

Linux

  • Download the binary for your architecture at the http://code.google.com/p/wkhtmltopdf/downloads/list
  • Extract the file to a directory that is in your PATH, such as /opt or /usr/local/bin and run from there.

For Debian/Ubuntu use the following command:

apt-get install wkhtmltopdf

Step-2: Installing PDFKit

In your bundle file write

gem 'pdfkit'

Then install

bundle install

Step-3: Configuration of PDFKit

Create a new file “pdfkit.rb” in “config/initializers/” path and write the following

If you are in windows then you need to give the path to the exe file generated after installation. If you are in linux and the path is set as the default path then you don’t need to give the path.

PDFKit.configure do |config|
config.wkhtmltopdf = 'C:Program Fileswkhtmltopdfwkhtmltopdf .exe'
config.default_options = {
:page_size => 'Legal',
:print_media_type => true
}
# config.root_url = "http://localhost" # Use only if your external hostname is unavailable on the server.
end

Step-4: Middleware Setup

Write the following in the “config/application.rb

require 'pdfkit'
 
config.middleware.use PDFKit::Middleware
config.threadsafe!

Step-5: Usages

Creating PDF in a file path

Now to generate the pdf file by writing down the following codes on one of your controller actions

kit = PDFKit.new"<h1>Hello</h1><p>This is PDF!!!</p>"
file_path = your_file_path
pdf = kit.to_file file_path

Now you can find the PDF file being generated on the file path.

Displaying PDF on browser

<p id="pdf_link"><%= link_to "Download Invoice (PDF)", order_path(@order, :format => "pdf") %></p>

Your PDF will be displayed on the browser.

You can also add “.pdf” to any of our application’s URLs to get a PDF version of that page.