...topic of this card. Read following chapters: (1) Security Principles (3.3) Sessions and Cookies (3.5) Same-Origin-Policy (4.2) Attack Surface (4.3) Storage of Passwords (6) Cryptographic Fundamentals...
...Authentication (8) Authorization (9) Session Management Without (9.4) JSON Web Tokens (10) Federation / Single-Sign on (11) Server-side Attacks (12) Client-side Attacks (13) Client-side Protective Measures Read through the most known...
...Repeat Yourself (or DRY). In Ruby on Rails we keep our code DRY by sharing behavior by using inheritance, modules, traits or partials. When you reuse behavior you want to...
...writing integration tests with Cucumber, where you need to express yourself with Gherkin and step definitions instead of Ruby classes and methods. But don't despair! Below you will find...
...This release has many minor changes and fixes to prepare your application for Rails 3. Step-by-step upgrade instructions: Upgrade rails gem Change your environment.rb so it says RAILS...
...for a detailed list of changes. 2.3.9 to 2.3.10 Fixes Vulnerability in Nested Attributes code. Step-by-step upgrade instructions: Upgrade rails gem Change your environment.rb so it says RAILS...
The following two hints are taken from Github's Ruby style guide: If your regular expression mentions a lot of forward slashes, you can use the alternative delimiters %r(...), %r...
...complex, you can use the /x modifier to ignore whitespace and comments: regexp = %r{ start # some text \s # white space char (group) # first group (?:alt1|alt2) # some alternation end
...this card, we describe a wrapper for it that humanizes a given number of seconds in the "next best" unit, like seconds, minutes, etc. Example usage >> new Duration(42).humanized...
>> new Duration(123456).humanized() => '1 Tag' >> new Duration(123456).humanized('es') => '1 día' Code Here is the code as an ECMAScript module. Note that we default to German in...
When you need to find out in which kind of spec you are during run-time, it's definitely possible. It's a lot easier in RSpec 2+.
...consider this global before block where you'd want to run some code for specific specs only: config.before do # stuff that_fancy_method # more stuff end RSpec 2+
...Doing that enables e.g. man-in-the-middle attacks. If you accept only a single expired and known certificate, you are in much less trouble. Setup All the solutions described...
...below use a verify_callback for the request's OpenSSL::X509::Store where you can specify a lambda to adjust its verification response. Your callback must return either true or...
...maintain. There are some good practices for writing a changelog that adds value, please stick to these. Add a notice to the README's contribute section about the changelog
...this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## Unreleased - Added `Foo#foo` method. ## 1.0.0 - 2017-06-20 ### Breaking changes - Renamed `Foo...
Icon fonts like Font Awesome are infinitely scalable, look great on high-DPI displays and will give your app a modern look. However, icon fonts can be very awkward to...
...use compared to raster icons. Elements are given icons by giving them a special class like icon-plus or icon-home: Create The icon font's stylesheet will then recognize...
This card is a general reminder to avoid the short version of a command option in shared code. It's much easier to understand a command and search for an...
...option when it's written out. You can still use the short version of the options in your own terminal or in code snippets that are more useful when they...
...explain these different connection attempts: nc makandra.de 22 nc ccc.de 22 nc app02-stage.makandra.makandra.de 22 You can explain sequence numbers You know the differences between UDP and TCP and can give examples...
...establish to makandra.de and retrieve the file robots.txt (See https://richj.co/talking-http-1.1/) You know what this server header means: Strict-Transport-Security: max-age=31536000 IPv6 How are MAC addresses...
...more complicated, it is easier to understand and to process. Note: In case a string does not match the pattern, .match will return nil. With Ruby 2.4 the result of...
...transformed to a Hash with named_captures. This allows you to use methods like slice or fetch on the result. Example with a multiple assignment PRODUCT_PATTERN = /\A(.+) S\/N...
...uses a "real" time zone or :local, and if config.active_record.time_zone_aware_attributes is set to false or not. With time zones configured, always use .current for Time, Date, and...
...which hold time zone information and Time.now only in those that run with the server's time. If you don't, bad things can and will happen. More information can...
...least one external REST API, machine-to-machine communication via GraphQL is less commonly seen. In this card, I'd like to give a quick intro on how to query...
Interacting with GraphQL feels a bit like querying a local database. You are submitting queries to fetch data in a given structure (like SELECT in SQL) or mutations to...
...config={}). There also is a generate method which will run the generator in a subprocess. Call it with generate 'generator_name', 'command line args'. Expected (hard-coded) directory structure of...
... #{generator name, e.g. model}_generator.rb USAGE Templates If you want to use the supplied template, directory and other template methods, you must call source_root 'path/to/templates' inside your generator...
...with an English name. This makes your code easier to read and is also suggested by Rubocop's Style/GlobalVars cop. Example before: if 'foo' =~ /foo/ puts $~[1] # => foo end
...following content: require 'English' List of global aliases $ERROR_INFO => $! $ERROR_POSITION => $@ $FS => $; $FIELD_SEPARATOR => $; $OFS => $, $OUTPUT_FIELD_SEPARATOR => $, $RS => $/ $INPUT_RECORD_SEPARATOR => $/ $ORS => $\ $OUTPUT_RECORD_SEPARATOR => $\ $INPUT_LINE_NUMBER...
When your application is open for public sign up and sends out transactional e-mails to a large number of users, e-mail deliverability becomes an issue. E-mail providers...
...work hard to eliminate spam and have put in place relatively tight checks on what kinds of emails they will accept, and from whom. To that end we use tools like...
...are automagically available through accessors on the Active Record object. When you need to specialize this behavior, you may override the default accessors (using the same name as the attribute...
...and simply call the original implementation with a modified value. Example: class Poet < ApplicationRecord def name=(value) super(value.strip) end end Note that you can also avoid the original setter...
...and autoload paths. They do NOT create a module for namespacing. This is intuitive, since there normally is no module Model, or module Controller. If you want to add a...
├── models ├── uploaders # No config needed ├── util # No config needed └── workers # No config needed Sometimes it's handy to group files within a directory, but not reflect that grouping within...
Git allows you to do a binary search across commits to hunt down the commit that introduced a bug. Given you are currently on your branch's HEAD that is...
...not working as expected, an example workflow could be: git bisect start # Start bisecting git bisect bad # Tag the revision you are currently on (HEAD) as bad. You could also...
Understand at least the following CSS concepts: Classes Selecting elements for styling Basic styling (color, typography, spacing) The box model Inline elements vs. block elements Ways to layout elements...
...Learn how to use your browser's "inspect" feature and how you can see which CSS styles are applied to an element Learn what a "reset stylesheet" is.
...be confused with truemail.io) allows validating email addresses, e.g. when users enter them into a sign-up form. It runs inside your application and does not depend on an external...
...set config.not_rfc_mx_lookup_flow = true. Validation methods explained Regex validation (1) is pretty straightforward and basically "free" since you're not making any network connections. SMTP validation...
...throw in some locking mechanism, but then are usually done with it. Unfortunately, transaction semantics in databases are actually very complicated, and chances are you're making some incorrect assumptions.
...engine actually has four different modes for transactions: READ UNCOMMITTED READ COMMITTED REPEATABLE READ SERIALIZABLE READ UNCOMMITTED gives you the least isolation between transactions (i.e. one transaction can see most...
CarrierWave comes with a set of default configuration options which make sense in most cases. However, you should review these defaults and adjust for your project wherever necessary.
...also find suggestions on what to change below. Understanding the default configuration Here is the current default config for version 2: config.permissions = 0644 config.directory_permissions = 0755 config.storage_engines = { :file => "CarrierWave...