Posted by Nicholas
Thu, 10 Apr 2008 18:28:00 GMT
Recently I was given the task of integrating a (complete for all intents and purposes) PHP application with our main Ruby on Rails application. Because the PHP application needed to display a similar interface and required knowledge of the user’s account, I needed a way to access that data from the database both applications were now sharing. The only real requirement I had was that I absolutely didn’t want to make the user log in to the PHP app if they were already authenticated on the Rails side of things as this seemed unnecessary and interrupted the flow of things.
I did a bit of searching and, while I did find the wiki page on going from PHP -> Rails, I wasn’t able to find anything that fit my specific need, so I set out to roll my own. I read an article this morning from somebody who had ostensibly encountered the same problem as I, and was able to come up with a much different solution than what I had come up with. Therefore I thought it would be fun to share some of the details of my approach....
finish reading 'Persisting a user session from RoR->PHP'
Posted in php, tips, rails, ruby, code | no comments
Posted by Nicholas
Sat, 05 Apr 2008 02:35:00 GMT
It’s been a very long time since I’ve used Kernel#Integer, but to my recollection it was simply coercion that raised an error if necessary, as an alternative to things like String#to_i which would simply return the first digits in a string, or 0 if the string did not contain a valid integer.
Since the program I was writing was receiving amounts in the form of strings representing cents, I figured it would be a natural fit. Leading zeros would be stripped off of anything under a buck, and I could simply rescue any ArgumentError and handle them appropriately....
finish reading 'Injured by Integer'
Posted in tips, ruby | no comments
Posted by Nicholas
Wed, 12 Dec 2007 19:22:00 GMT
Everyone loves writing web apps. They’re just amazing at doing everything. Ever.
One of the more interesting aspects of writing web applications is how often you see yourself doing the same thing over and over again....
finish reading 'Nothing or not'
Posted in rails, tips, code, ruby | no comments
Posted by Nicholas
Wed, 09 May 2007 19:52:00 GMT
Following the lead of Daniel and Lee, and outright stealing the concept and content of Lee’s blog post (he tagged me so it’s sort of ok), I’ve decided to finally take 10 minutes to create a conference plan for RailsConf 2007.
This year was a damn sight easier to choose which talks to attend, despite the horrendous fact that there seem to be up to 5 talks running parallel to each other in some cases. The reason for said ease in choosing is due to the fact that, well, most of the talks just don’t look incredibly interesting to me (read: waste of money!)...
finish reading 'All your RailsConf are belong to me'
Posted in rails, events, ruby | 1 comment
Posted by Nicholas
Thu, 12 Apr 2007 07:58:00 GMT
Well, today is an exciting day for me and the team of wonderful Rubyists I have the pleasure of working with on a daily basis. Why is today so great? Well after many long sleepless hours we’ve finally finished and launched some major projects for AT&T and the Williams F1 team.
www.attwilliams.com is what we believe to currently be the largest Flash application that’s powered by a Ruby on Rails and Oracle backend. We’ve also released full featured media and content management sections for the above site (can’t give out those urls!)...
finish reading 'It's a great day.'
Posted in rails, ruby, general | no comments
Posted by Nicholas
Wed, 14 Feb 2007 18:30:17 GMT
More often than not I see sites that have a mailto link with an exposed email. This is setting yourself up to have your email harvested.
A quick and easy trick that you can use to hide emails from spiders is to replace the letters with HTML characters....
finish reading 'Hiding mailto links from spiders'
Posted in code, ruby, tips, spam | no comments
Posted by Nicholas
Tue, 30 Jan 2007 13:57:00 GMT
Well, a few weeks back I posted about some potential security issues with Campfire.
As it turns out there are a few more interesting issues that we hadn’t yet found at that time. While we were messing around to see if you could put avatars in names via image tags, we discovered that certain places in Campfire were not replacing entities on the HTML, and were therefore running it. To some this issue may seem trivial, but I suggest that it’s actually potentially more dangerous than the issues discussed in my previous post....
finish reading 'Campfire... damnit...'
Posted in exploits, campfire, rails, ruby | no comments
Posted by Nicholas
Mon, 29 Jan 2007 21:38:00 GMT
Today I got extremely sick of coming on to see many hundreds of emails in my inbox from spam bots. I know a few posts ago I mentioned that I would be looking out for a solution, and I did. Unfortunately I have the attention span of a 3 year old and I forgot what I was doing fairly quickly.
Today I was doing my normal blog run and I stopped by the site of a friend and co-worker Douglas F Shearer when I happened across this post on his blog. Toward the end of the post he makes a short mention about how he’s now using something called Akismet as a potential guard against spam....
finish reading 'Just say no to spam'
Posted in spam, rails, typo, ruby, code | no comments
Posted by Nicholas
Thu, 18 Jan 2007 13:08:32 GMT
So recently I’ve been using Campfire quite a bit, and I couldn’t help but notice some really obvious exploits that just shouldn’t be there.
Like what, you ask? Well, how about the cool feature that takes any submitted image url (actually any url ending with a specific extension) and puts it in image tags in chat. Things like this can be used to execute scripts locally in the browser of anybody viewing chat by simply changing the extension (and at a push the mime type if extension alone doesn’t work) of a script and pasting it into Campfire. If your script is malicious it can do such nice things as steal cookies from viewers, force them to see infinite loops, etc....
finish reading 'Exploiting Campfire for dummies'
Posted in rails, ruby, campfire, exploits | 1 comment
Posted by Nicholas
Mon, 18 Dec 2006 02:31:00 GMT
As an old PHP hat I’ve missed the ability of being able to grab a random number out of a range à la PHP’s sweet rand() function. Sure it’s easy to create an alternative, but it’s just not as convenient. Today a friend of mine had a need to do just that. However there was a catch: He needed to pull a random number from a range, yet ignore a variable amount of numbers from that range.
The solution I came up with, which I figured may be of some use to somebody, was this:...
finish reading 'Random number from a range?'
Posted in typo, ruby, code | no comments