28 March 2016
Mandrill Shutdown on Heroku
Mandrill has been the go-to mailer addon for Heroku apps for many people. However, MailChimp is consolidating their offerings and ending Mandrill support shortly. Existing Mandrill users have until April 27, 2016 to switch to a new provider. In this guide I’ll go over two alternatives I’ve used in the last couple of months: SendGrid and Amazon SES.
25 March 2016
This series of posts is, for now, entirely an exercise in putting down in writing the system I used to teach myself Rails and then market myself and land a job. This post will focus on learning, with both the how and the where as well as some resources I used along the way.
04 March 2016
Authentication, encryption and the mathematical side of security are intriguing and incredibly interesting fields. However, they’re systems that you don’t want to implement on your own in a production environment. If you can make something better than the industry, there will be some great signs, like busting curves for every single math test in college and having the NSA offer you scholarships. Those kinds of signs.
Inheriting an app with bad security? Seamlessly upgrade users’ passwords.
If you want a secured Rails app, there’s really only one option, and that’s using Devise. It can be as simple or complex as you need it to be, with a broad range of abilities like password resets, test helpers and controller actions to make your life easier. After all, that’s what brings many of us to Rails in the first place: the ability to quickly create robust applications. Unfortunately, our applications aren’t always sparkling examples of optimal coding practice. On occasion you’ll inherit an application with security flaws that need to be fixed. In this post, I’ll discuss how to take a roll-your-own (or more likely, one that got rolled for you) authentication setup and seamlessly transition it to a Devise-secured system.
01 March 2016
Make Your Legacy App More Secure With Reencryptor
For those who have been charged with maintaining an old Ruby on Rails app, there’s an excellent chance that if you’re storing sensitive information in your database, you’re using the attr_encrypted gem. Old versions of this gem have a security flaw which new versions of the gem address. This flaw is that all rows in the database use the same salt and initialization vector. The new version of attr_encrypted will use mode: :per_attribute_iv by default. One of the applications in my case uses the legacy encryption scheme, which makes it much quicker for a compromised app to yield up all its valuable information. Making the internet and internet-connected applications more secure makes life better for everyone but thieves. Save yourself future trouble, and read on about the new gem I’ve created called Reencryptor, which makes upgrading your legacy attr_encrypted fields to the new, more secure version a breeze.
22 February 2016
The Need: Less Tables, More Functionality
For whatever reason, you find you need to keep track of various versions of an object in your database. However, you don’t want the overhead and dependency of adding on a full-featured auditing gem such as Paper Trail or Audited. In cases such as authentication, authorization or security, rolling your own is not recommended for many reasons. The main one is that security is important, and the odds are greatly not in your favor that you’ll make something more secure than the industry has already produced. For something such as versioning, though, a lite version such as the one I’ll instruct you how to make will be much better for a developer who needs a quick, simple solution.