Videos tagged with Railscasts
Another common security issue is cross-site scripting. In this episode you will see why it is so important to escape any HTML a user may submit.
Your site may be at risk! When using mass assignment, you are giving the user complete control over that model and its associations. See how a hacker might use this vulnerability and learn how to stop it in this episode.
One of the most common security problems for dynamic sites is SQL injection. Thankfully Rails does everything it can to solve this issue, but you still need to be aware of it.
The stack trace can be a very useful tool when it comes to debugging. Learn the ins and outs of how the stack trace works in this episode. Note: I am using an older version of the Rails bundle here so it might be a little different than yours. The command in the newer version is called Install Plugin and requires you to type textmate_footnotes in the search.
If you need to display the record count for a has_many association, you can improve performance by caching that number in a column.
One way to improve performance is to cut down on the number of SQL queries. You can do this through eager loading. Learn all about it in this episode!
The final piece of the administration puzzle: authentication. There are many different approaches, which is why I saved this step for last. This episode will cover a few techniques, including the simple solution used for this site.
In this second part of the series on administration, you will learn how to lock down the site to keep the public from accessing the administration features.
This is the first part of a three-part series on building an administration system. Many developers choose to separate it completely from the public side of the site by placing it into an admin subdirectory. This episode will show you an alternative and often better solution.
Displaying flash messages in the layout can be a pain at times. In this episode you will learn an easy way to display any kind of flash message by looping through the hash.