In case you have sensitive data within your RDS instance, you want to use encrypted connections between your application and RDS instances. If you're using MySQL on RDS, here's what to do:

1. Download the AWS CA file and copy it to the machine you want to connect from: http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
   As far as I could find out, you (currently) cannot access further details of the SSL configuration (such as public key).

2. Try to connect using MySQL client

   `% mysql -uyour_username -p -h rds_hostname_from_...

When writing a piece of reusable code, you sometimes need to have separate code for Rails 2 and Rails 3. You can distinguish between Rails versions like this:

if Rails.version < '3' # mind the quotes
  # Rails 2 code goes here
else
  # Rails 3+ code goes here
end

If a model inherits from others or uses many concerns / traits, it might be hard to see in the code which validators it has.
But fortunately there's a method for that:

irb(main):002:0> pp UserGroup.validators
[#<ActiveModel::Validations::InclusionValidator:0x00007f55efff97a8
  @attributes=[:deleted],
  @delimiter=[true, false],
  @options={:in=>[true, false], :allow_nil=>false}>,
 #<ActiveModel::Validations::InclusionValidator:0x00007f55f15748d0
  @attributes=[:cancelled],
  @delimiter=[true, false],
  @options={:in=>[true, false], ...

Instead of cobbling together default settings in several different places as the issues arise, you can define them application-wide.

Say we want …

• to create a Gallery that has a name and has_many :images, which in turn have a caption
• to offer the user a single form to create a gallery with any number of images
• immediate uploads with a progress bar per image
• a snappy UI

Enter jQuery File Upload. It's a mature library that can do the job frontend-wise. On the server, we'll use Carrierwave, because it's capable of caching images.

(FYI, [here's how to do the u...

The information in this card is only relevant for Rails 2.3-era apps.

This note gives a quick introduction into caching methods (page caching, action caching and fragment caching) in rails and describes some specific problems and solutions.

The descriptions below are valid for Rails 2 and 3. Recently, caching with timestamp- or content-based keys has become more popular which saves you the pain of invalidating stale caches.

How to enable/disable caching

To enable or disable caching in rails you ca...

When using send_file (for example for attachments of any kind), make sure your application knows the correct mime types so that all browsers can handle the files. It is much more convenient for users if they can decide to open a file directly instead of having to save it first.

For Rails >= 3.2

Simply put your mime types in config/initializers/mime_types.rb. send_file will take care of everything else.

For Rails < 3.2

Put your mime types in config/initializers/mime_types.rb. Additionally, tell send_file to use them (for ex...

Rails uses a CSRF token in forms and AJAX requests to verify a user request. Internally it compares the injected CSRF token of the form data with the CSRF token in the encrypted user session. To prevent SSL BREACH attacks, the CSRF token from the form data is masked.

To better debug issues, when these tokens do not match, it is useful to unmask the CSRF token from the form da...

Specify these gem versions in your Gemfile:

gem 'cucumber', '~> 1.3.0'
gem 'cucumber-rails', '= 0.3.2' # max version for Rails 2
gem 'capybara', '< 2' # capybara 2+ requires Rails 3
gem 'mime-types', '< 2' # dependeny of capybara
gem 'nokogiri', '< 1.6' # dependency of capybara
gem 'rubyzip', '< 1' # dependency of selenium-webdriver, rubyzip 1+ requires Ruby 1.9
gem 'cucumber_factory'
gem 'database_cleaner', '< 1'
gem 'cucumber_spinner', '~> 0.2.5'
gem 'launchy', '~> 2.1.2'

With these versions set, `...

Simple: Tell the application controller how to handle exceptions, here a RecordNotFound error.
Do this with the following line:

# application_controller.rb

  rescue_from ActiveRecord::RecordNotFound, :with => :render_404

This will call the method render_404 whenever a RecordNotFound error occurs (you could pass a lambda instead of a symbol, too).
Now write this method:

def render_404
  render 'errors/404', :status => '404'
end

Finally create a 404 document views/errors/errors.html.haml.

%h1 Record...

File logger

If you need to log to a file you can use Ruby's Logger class:

require 'logger'

log = Logger.new('log/mylog.log')
log.info 'Some information'
log.debug 'Debugging hints'
log.error StandardError.new('Something went wrong')

Logger does a number of things well:

• Message type (info / debug / error) is logged
• Log entries are timestamped
• Writing log output is synchronized between threads
• Logged errors are printed with full backtraces

If you don't like the output format, you can define a custom formatter.

I ha...

Update RubyGems and Passenger

Bundler requires Rubygems >= 1.3.6. Run gem update --system if you have an older version.
It also is not compatible with older versions of passenger, so bring that up to date as well (2.2.15 works).

If you installed RubyGems through apt (which you should never do!), you may see a message giving you a hint to use apt to update.
Some people advise to install the 'rubygems-update-1.3.7' gem on Ubuntu systems if you used apt to install RubyGems.
I did that - and lost all...

The Rails logger will store its content in a buffer and write it into the file system every 1000 lines. This will come back to bite you when using Rails.logger.info to write log output during Rake tasks or on a production console.

You often won't notice this because for the development and test environments auto_flushing is set to write after each line. On production environments the Rails logger writes only every 1000 lines -- and not upon shell or script ter...

Let's say you have two screens:

1. Show a given project
2. Show a report for all projects

Ideally you want both screens to be handled by different controllers like this:

GET /projects/:id        => ProjectsController#show
GET /projects/report     => Projects::ReportsController#show

What seems like a simple requirement is a little awkward to configure in your routes.
Obviously the report should be a singleton resource, but how can we nest it into the Projects:: namespace?

What does not work is this:

resources :proj...

PostgreSQL has partial indexes. With a partial index you tell Postgres to only index rows matching a given query.

Some uses cases for a partial index:

• You want a uniqueness index, but only under some conditions
• Your table is very large and indexing every row becomes expensive

The linked article shows how to create a partial index with Rails.

When you use google analytics to track your visitors interactions, you should ensure that it runs on your production site only. Otherwise it will spoil your statistics. To prevent this, test for the right environment and place the JS-code afterwards:

- if Rails.env.production?
  :javascript
    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-XXXXXXXX-X']);
    _gaq.push(['_trackPageview']);
    ...

See our new comprehensive guide for upgrading every Rails 2 version ever.

See our new comprehensive guide to upgrading every Rails 2 version ever.

If you get an error like this ...

 can’t find executable rails for rails-3.2.3 (Gem::Exception)

... one of several things might be wrong.

1. You're using RVM

It's possible that you have a system-wide gem executable (like rails) that requires a gem that is not available in the current RVM Ruby or gemset. Check what Ruby you are using (rvm current) and look out for .rvmrc files in your current directory (which change your Ruby upon entering the directory).

2. You killed a gem install process
   ----------...

The issue

Yesterday, Rails fixed a security issue (CVE-2014-3514) in Rails 4+. It was possible to use .where or .create_with to bypass Rails' Strong Parameters:

user.blog_posts.create_with(params[:blog_post]).create

would set all attributes on the blog post. After the fix, you have to properly whitelist the params, via `params[:blog_post].permit(:title, :bo...

Note that this seems to affect only recent Rails 2 versions.

You will not encounter this until you are writing to the cookie more than once, but when doing so, integration tests (Cucumber) may break for you with this error:

You have a nil object when you didn't expect it!
You might have expected an instance of ActiveRecord::Base.
The error occurred while evaluating nil.[] (NoMethodError)

Background

The regular/short cucumber backtrace is not of any help but looking at the full trace reveals that ActionPack's `actio...

Rails flashes (FlashHash) track a list of used keys, which is not respected when comparing flash hashes.

This does not concern you under most circumstances.

Basics

When ActionController picks up a flash object, it will call the #sweep method once; that method checks the list of used flash entries and deletes those. All other entries are flagged as used. This means they will be deleted on the next request, but are still be available for rendering during the current request.

Fun facts: When redirecting, this does not happen. Also,...

You may encounter problems with passenger starting an application with an updated rails.
If you find an error like this in the apache error log:

[ 2015-08-21 10:53:04.1266 17680/7f4909bf7700 Pool2/Implementation.cpp:883 ]: Could not spawn process for group /var/www/example.com/current#default: An error occured while starting up the preloader.
     in 'void Passenger::ApplicationPool2::SmartSpawner::handleErrorResponse(Passenger::ApplicationPool2::SmartSpawner::StartupDetails&)' (SmartSpawner.h:455)
     in 'std::string Passenger::Appli...