Posted by Nicholas
Thu, 10 Apr 2008 18:28:00 GMT
Recently I was given the task of integrating a (complete for all intents and purposes) PHP application with our main Ruby on Rails application. Because the PHP application needed to display a similar interface and required knowledge of the user’s account, I needed a way to access that data from the database both applications were now sharing. The only real requirement I had was that I absolutely didn’t want to make the user log in to the PHP app if they were already authenticated on the Rails side of things, as this seemed unnecessary and interrupted the flow of things.
I did a bit of searching and, while I did find the wiki page on going from PHP -> Rails, I wasn’t able to find anything that fit my specific need, so I set out to roll my own. I read an article this morning from somebody who had ostensibly encountered the same problem as I, and was able to come up with a much different solution than what I had come up with. Therefore I thought it would be fun to share some of the details of my approach....
finish reading 'Persisting a user session from RoR->PHP'
Posted in php, tips, rails, ruby, code | no comments
Posted by Nicholas
Wed, 12 Dec 2007 19:22:00 GMT
Everyone loves writing web apps. They’re just amazing at doing everything. Ever.
One of the more interesting aspects of writing web applications is how often you see yourself doing the same thing over and over again....
finish reading 'Nothing or not'
Posted in rails, tips, code, ruby | no comments
Posted by Nicholas
Wed, 09 May 2007 19:52:00 GMT
Following the lead of Daniel and Lee, and outright stealing the concept and content of Lee’s blog post (he tagged me so it’s sort of ok,) I’ve decided to finally take 10 minutes to create a conference plan for RailsConf 2007.
This year was a damn sight easier to choose which talks to attend, despite the horrendous fact that there seem to be up to 5 talks running parallel to each other in some cases. The reason for said ease in choosing is due to the fact that, well, most of the talks just don’t look incredibly interesting to me (read: waste of money!)...
finish reading 'All your RailsConf are belong to me'
Posted in rails, events, ruby | 1 comment
Posted by Nicholas
Thu, 12 Apr 2007 07:58:00 GMT
Well, today is an exciting day for me and the team of wonderful Rubyists I have the pleasure of working with on a daily basis. Why is today so great? Well after many long sleepless hours we’ve finally finished and launched some major projects for AT&T and the Williams F1 team.
www.attwilliams.com is what we believe to currently be the largest Flash application that’s powered by a Ruby on Rails and Oracle backend. We’ve also released full-featured media and content management sections for the above site (can’t give out those URLs!)...
finish reading 'It's a great day.'
Posted in rails, ruby, general | no comments
Posted by Nicholas
Tue, 30 Jan 2007 13:57:00 GMT
Well, a few weeks back I posted about some potential security issues with Campfire.
As it turns out there are a few more interesting issues that we hadn’t yet found at that time. While we were messing around to see if you could put avatars in names via image tags, we discovered that certain places in Campfire were not replacing entities on the html, and were therefore running it. To some this issue may seem trivial, but I suggest that it’s actually potentially more dangerous than the issues discussed in my previous post....
finish reading 'Campfire... damnit...'
Posted in exploits, campfire, rails, ruby | no comments
Posted by Nicholas
Mon, 29 Jan 2007 21:38:00 GMT
Today I got extremely sick of coming on to see many hundreds of emails in my inbox from spam bots. I know a few posts ago I mentioned that I would be looking out for a solution, and I did. Unfortunately I have the attention span of a 3 year old and I forgot what I was doing fairly quickly.
Today I was doing my normal blog run and I stopped by the site of a friend and co-worker, Douglas F Shearer, when I happened across this post on his blog. Toward the end of the post he makes a short mention about how he’s now using something called Akismet as a potential guard against spam....
finish reading 'Just say no to spam'
Posted in spam, rails, typo, ruby, code | no comments
Posted by Nicholas
Thu, 18 Jan 2007 13:08:32 GMT
So recently I’ve been using Campfire quite a bit, and I couldn’t help but notice some really obvious exploits that just shouldn’t be there.
Like what, you ask? Well, how about the cool feature that takes any submitted image URL (actually any URL ending with a specific extension) and puts it in image tags in chat. Things like this can be used to execute scripts locally in the browser of anybody viewing chat by simply changing the extension (and at a push the MIME type if extension alone doesn’t work) of a script and pasting it into Campfire. If your script is malicious it can do such nice things as steal cookies from viewers, force them to see infinite loops, etc....
finish reading 'Exploiting Campfire for dummies'
Posted in rails, ruby, campfire, exploits | 1 comment
Posted by Nicholas
Sun, 22 Oct 2006 04:18:00 GMT
I have this little nugget of information that I discovered many months ago, but I’d always had a fairly easy time keeping it to myself as I wasn’t yet powering the internet with my blog.
However, now that I have a canvas with which to paint crap on, I figure now is as good a time as any to hip some fellow developers to a pretty useful and undocumented (or maybe everyone already knows what it is to the point that nothing needs to be said) feature of Ruby....
finish reading 'Returning data from a Ruby block'
Posted in rails, ruby, code | no comments