Jazzing with Sinatra
My second introduction to the world of web-making with Ruby sure was an interesting one. Having previously had limited exposure to Ruby on Rails, a web framework wasn’t a new concept. But it sure was a welcome refresher.
For the actual design, I decided to build upon my idea of a book app. The idea behind it is to provide the user with new recommendations for future reading, some basic information about the book, and let the user store books so they know exactly what they’ve got left on their agenda.
For the first 70 or so percent of the process, I was enjoying myself immensely. Getting to create elements, decide what does and does not get displayed. Transforming and manipulating data. It’s almost like playing with legos when I was a kid. The only real difference is, arranging legos won’t break the fabric of reality if one puts a piece in a strange place and an error akin to “Legos::placehere does not exist” won’t pop up. But the beauty of working with code is that it persists and simplifies life.
The next 30 percent is where the memes kicked in. Everything breaking left and right, noticing unprotected paths and realizing just how fragile technology is, and how important it is to pay attention to what’s going on underneath the hood. For example, SQL and script injections can wreak havoc if the database and the app are not secured properly. When a client has the freedom to interact with the database, it is vital to make sure the data they send is sanitized. Let’s take for example a very basic concept in programming: the concept of “OR”. If the data is unsanitized, a user can inject something akin to Model.where(name = 'blah' OR '0'='0'). And that’s how somebody can easily steal all of the data from that model. With that said, it is crucial to prepare for such potentialities and know what the methods do under the hood: what kind of queries they send and how to prevent any incidents.
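To make the difference concrete, here is an added example (not code from the original post) in plain Ruby. A hypothetical books table stands in for the Model above, and the quoting helper only imitates what a database driver does when it binds a value, so the whole comparison runs without a database. It shows why the same payload rewrites the WHERE clause when it is interpolated into the SQL text, but stays ordinary data when it is passed as a bound value the way ActiveRecord's placeholder form does.

```ruby
# Added example, not code from the original post. A hypothetical `books` table
# stands in for the Model mentioned above; the quoting helper only imitates what
# a database driver does, so the comparison runs with no database attached.

# Vulnerable: the user's value is spliced into the SQL text, so quotes in the
# value change the structure of the statement.
def unsafe_books_by_name_sql(name)
  "SELECT * FROM books WHERE name = '#{name}'"
end

# Hardened: the statement keeps a placeholder and the value travels alongside
# it, as with ActiveRecord's Book.where("name = ?", name) or Book.where(name: name).
def safe_books_by_name(name)
  ["SELECT * FROM books WHERE name = ?", [name]]
end

# Stand-in for driver-side literal quoting (SQL doubles embedded single quotes).
def quote_literal(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Render a placeholder query the way a driver would before sending it.
def render_bound(sql, binds)
  i = -1
  sql.gsub("?") { quote_literal(binds[i += 1]) }
end

# Extract the string literals the database would parse out of a statement.
# Three literals around an OR means the payload became part of the WHERE
# logic; a single literal means it stayed plain data.
def string_literals(sql)
  sql.scan(/'((?:[^']|'')*)'/).flatten.map { |s| s.gsub("''", "'") }
end

if __FILE__ == $PROGRAM_NAME
  payload = "blah' OR '0'='0" # constructed input echoing the post's example
  puts unsafe_books_by_name_sql(payload)
  p string_literals(unsafe_books_by_name_sql(payload)) # ["blah", "0", "0"]
  sql, binds = safe_books_by_name(payload)
  puts render_bound(sql, binds)
  p string_literals(render_bound(sql, binds)) # ["blah' OR '0'='0"]
end
```

The check worth keeping from this is the last one: after binding, the whole payload is one literal, so the query still compares name against a string and returns nothing, instead of matching every row.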
My experience wouldn’t be properly encapsulated, however, unless I mentioned my journey through proper authentication and authorization of resources in the application. And I’m glad this is a lesson I’m learning to focus on early on in the game, especially when it comes to nested resources. There can be many stipulations on whether the user is allowed to interact with a resource, and it’s safety 101 to make sure only the select few can view or modify certain resources, be it through proper sanitization or authorization.
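As an added illustration of the nested-resource point (this is not code from the original post), the plain-Ruby handlers below mirror what a Sinatra route such as get '/users/:user_id/books/:id' (hypothetical) would return. The structs, sample users and book titles are constructed for the example. The unprotected handler trusts the ids in the path; the protected one authenticates, refuses a path naming another user's shelf, and looks the book up through its owner so that someone else's book is simply not found.

```ruby
# Added example, not code from the original post. Plain Ruby structs stand in
# for the models, and the two handlers mirror what a Sinatra route such as
# get '/users/:user_id/books/:id' (hypothetical) would return as [status, body].

User = Struct.new(:id, :name)
Book = Struct.new(:id, :title, :user_id)

# Constructed sample data: two readers, each with one book on their shelf.
USERS = [User.new(1, "ada"), User.new(2, "grace")].freeze
BOOKS = [Book.new(10, "First Shelf Book", 1), Book.new(11, "Second Shelf Book", 2)].freeze

# Unprotected: trusts the ids in the path, so any logged-in user who guesses an
# id can read (or, in a PUT/DELETE route, change) somebody else's book.
def show_book_unprotected(current_user, _user_id, book_id)
  return [401, "log in first"] if current_user.nil?
  book = BOOKS.find { |b| b.id == book_id }
  book ? [200, book.title] : [404, "no such book"]
end

# Scoped lookup: ownership is part of the query, so a book that isn't the
# caller's is never found in the first place rather than found and then checked.
def find_owned_book(user, book_id)
  BOOKS.find { |b| b.id == book_id && b.user_id == user.id }
end

# Protected: authenticate, then refuse a path that names another user's shelf,
# then look the book up through the owner.
def show_book(current_user, user_id, book_id)
  return [401, "log in first"] if current_user.nil?
  return [403, "not your shelf"] unless current_user.id == user_id
  book = find_owned_book(current_user, book_id)
  book ? [200, book.title] : [404, "no such book"]
end

if __FILE__ == $PROGRAM_NAME
  grace = USERS[1]
  p show_book_unprotected(grace, 1, 10) # [200, "First Shelf Book"]  leaked
  p show_book(grace, 1, 10)             # [403, "not your shelf"]
  p show_book(grace, 2, 10)             # [404, "no such book"]
  p show_book(grace, 2, 11)             # [200, "Second Shelf Book"]
end
```

The same scoped lookup belongs in every route that touches the resource (show, edit, update, delete), since an ownership check on the show page alone leaves the modifying routes as the unprotected paths.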