[13:39:22] MrCrackPot: I could pass you a few rails projects where the developer was off away with the fairies
[13:42:33] MrCrackPot: I've walked away from projects because they refuse to redo and or refuse to pay
[11:26:23] MrCrackPot: anyone have any recommendations for me. I have a column in a table called expires which is datetime. if the expires column value is less than today's date then run a method and update the column.
[11:27:25] MrCrackPot: or should I make a method to do say on before_action :check_expired, only: :index
[11:28:16] MrCrackPot: my thought with a cronjob is once I have a lot of users searching through that db will take a lot of resources.
[14:00:12] MrCrackPot: IGnorAND, whenever a user logs in I record: // ip // long // lat // logged_in_time // and a few others.
[14:02:54] MrCrackPot: IGnorAND, it's better to have a good outline of your complete project before you even begin a single line of code. then you create a rough idea breaking each section into elements. I need to think about performance at every step otherwise when it gets towards the end of the project trying to improve the entire project could end up in a re-write.
[05:39:45] MrCrackPot: then your decrypt would be a private method using a lib you create with all the openssl encryption decryption
[05:40:11] MrCrackPot: for the key you have a couple of options you can add one to your credentials and use that to encrypt decrypt all data
[13:23:15] MrCrackPot: If I remember rightly ZAJDAN you need to use @variable_name to use them in views
[13:24:37] MrCrackPot: With aws s3 for user avatars is it really a good idea to use a presigned url to view the image???
[13:24:54] MrCrackPot: or should I just make avatars public but make any other sensitive files private
[14:27:33] MrCrackPot: alxgsv, thanks I was running some performance tests and trying to get those images with presigned urls in a rails api only app is a nightmare
[15:28:58] MrCrackPot: alxgsv, that's one thing I've not liked about amazon. Every presigned_url contains the bucket name and file name so it's easy to grab that. set up wireshark make 3 requests and you've got not only the bucket name but also the logic on how you store files
[17:47:35] MrCrackPot: I'd change the scale to 2 unless you really need a number like 1234567890.123456
[16:01:10] MrCrackPot: jarr0dsz, if you're looking for more encryption options like generating keys etc you can create your own module and use require openssl
[16:34:05] MrCrackPot: So I had an apifanny in the hospital just now. I've been trying to use active storage with json api with absolute zero success. Today I have direct uploads to my amazon storage bloody finally
[16:37:46] MrCrackPot: in the end I had to remove active storage altogether and recreate my own. suited to the clients request
[15:22:13] MrCrackPot: current_user stores the authenticated user in the stack / heap I forget which one
[15:25:23] MrCrackPot: in a session cookie you don't want a clear text password. You set a session id and a hashed value. the call to the db checks to see if the session id is legit and that the cookie isn't expired or banned old etc etc etc. if it's good it then looks at the user_id that is stored in the session db. Not cookie. then search for that user cross check the hashed value matches and approves
[15:26:05] MrCrackPot: back when I was a kid every single page you clicked that needed authentication you have to login again
[15:27:31] MrCrackPot: if you don't want to call the db don't use current_user or tell the controller not to authenticate for those methods but they will be accessible to any user then regardless logged in or not
[15:28:57] MrCrackPot: as for your question on alt. machines cant read pictures but what they do is read text. It also bumps you up for the visually challenged as they are able to view your site images included.
[15:30:30] MrCrackPot: I wouldn't worry about too many calls. look to save resources from your main application rather than the login/authentication side
[15:32:16] MrCrackPot: a db call doesn't cost that much. I've got a client with an api hosted on heroku they have roughly 200,000 users on a monday and thursday they have the most traffic the total cost of their api per month is $250
[16:00:21] MrCrackPot: your user is stored in the db to authenticate you need to query the db it's as simple as that
[16:00:38] MrCrackPot: and to protect from hackers every link that needs authorization needs to hit the db
[16:55:10] MrCrackPot: then why do you not have a model inside a session Inside showed you a link i showed you a link
[16:56:43] MrCrackPot: sessions and user_id are a buffer. you check the cookie first then you check the user
[16:57:45] MrCrackPot: https://medium.com/rubyinside/powering-your-ruby-rails-development-with-pry-3d5dbd2a8b80
[17:03:54] MrCrackPot: I think most people are reading your replies and probably wondering why I'm even bothering to try
[17:15:55] MrCrackPot: ZAJDAN sorry I missed your info on prefix erm why not try to use namespace instead of scope
[17:16:59] MrCrackPot: that way you can have a namespace called monkeys and any routes inside monkeys would be mySite.com/monkeys/endpoint
[18:02:54] MrCrackPot: You should never send user_id. That would be a huge security hole in your app, as users will be able to change it to hack into other users account.
[18:10:16] MrCrackPot: also using redis you should be careful as it's memory based this uses a lot more than a simple call to the db
[18:10:44] MrCrackPot: 20 users all at once stored in memory that's a lot rather than just grab and search the db
[18:53:28] MrCrackPot: I think this is what he's trying to do https://stackoverflow.com/questions/26723090/storing-data-in-session-cookies