Andreas Happe: rails

Capybara for automating Pen-Tests

After a successful penetration test a re-test is performed. The common approach is that the customer fixes the code and I perform the necessary steps to confirm that that initial security breach was closed. Sometimes it takes the customer a couple of tries to achieve that. Most security problems (XSS, CSRF, SQLi) can easily be automated tested, but I had problems automating server-side authentication and authorization problems. The test would have to emulate multiple parallel user sessions.

September 9, 2014 in linux security rails tech

Migrating to Middleman

My blog has a history of migrations. It started as wordpress, then was converted Octopress. After Octopress was missing update-love and jekyll started to be actively maintained again it switched over to jekyll. And now, it finally is based upon Middleman. Sorry for any inconvinient bugs or layout errors that will happen during the migration. Why have I switched to middleman? as I’m a RoR devleoper it seems better suited for me.

September 9, 2014 in linux rails tech

Linux: How to forward port 3000 to port 80

Another small tip: to locally forward port 80 to port 3000 use the following Linux iptables command: 1 $ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000 You can use this command to allow customers to connect to your locally run Ruby on Rails setup (as long as you have some port forwarding set up on your local router). I am using this to develop facebook open graph apps as the application URL (that is configured within facebook’s app controll page) cannot include a custom port (like 3000).

November 18, 2012 in linux tech rails

Moving OctoPress to Amazon S3 and CloudFront

OctoPress is embraced for its simplicity: write blog posts, save them, generate HTML pages and move those upon a web server. As no code is executed server-side every page can be cached and security risks are low. So far I’m hosting my blog on a rented hetzner root-server in Germany. While there’s no server-side security problem I’m still using a full blown server which imposes maintenance overhead on me. No peace of mind.

November 3, 2012 in tech linux rails security

Generating PDFs with wicked_pdf

Ruby on Rails is perfect for creating web applications but sometimes you just need to create some documents which can be stored or send through email. While printing is no problem with CSS not all users are able to “save/print page as pdf”. The ubiquitous Adobe PDF file format seems to be a perfect solution for this problem. The common solution for this is Prawn (also see the RailsCast about it).

May 1, 2012 in tech development rails