Jazzing with Sinatra

Yevgeniy Ivanov
3 min read · Jan 11, 2021

My second introduction to the world of web-making with ruby sure was an interesting one. Having previously had limited exposure to Ruby on Rails, a web framework wasn’t a new concept. But it sure was a welcome refresher.

For the actual design, I decided to build upon my idea of a book app. The idea behind it is to provide the user with new recommendations for future reading, some basic information about the book, and let the user store books so they know exactly what they’ve got left on their agenda.

There are several interesting concepts I decided to stretch my abilities on. These include Ajax calls and other uses of JavaScript to create a more seamless user experience, such as the ability to search for a book in a search bar and populate the results with a call to the database and an API. These were very fun to work on and incredibly rewarding when it came to the finished product. Another major use was the functionality to let the user add and remove books from their lists. This was also done by manipulating the DOM and sending requests based on the click of a button, later changing the appearance of the button to notify the user of their choice.

[Image: Before and after the click. Database updated, and no refreshes required!]
[Image: search functionality]

For the first 70 or so percent of the process, I was enjoying myself immensely: getting to create elements, deciding what does and does not get displayed, transforming and manipulating data. It’s almost like playing with Legos when I was a kid. The only real difference is that arranging Legos won’t break the fabric of reality if one puts a piece in a strange place, and an error akin to “Legos::placehere does not exist” won’t pop up. But the beauty of working with code is that it persists and simplifies life.

The next 30 percent is where the memes kicked in. Everything breaking left and right, noticing unprotected paths and realizing just how fragile technology is, and how important it is to pay attention to what’s going on underneath the hood. For example, SQL and script injection can wreak havoc if the database and the app are not secured properly. When a client has the freedom to interact with the database, it is vital to make sure the data they send is sanitized. Let’s take for example a very basic concept in programming: the concept of “OR”. If the data is unsanitized, a user can inject something akin to Model.where("name = 'blah' OR '0'='0'"), and that’s how somebody can easily steal all of the data from that model. With that said, it is crucial to prepare for such potentialities and know what the methods do under the hood: what kind of queries they send and how to prevent any incidents.
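To make the “OR” problem concrete, here is an added example (not code from the original post or its app) in plain Ruby with no database: the interpolated form that lets the tautology into the statement, the placeholder form that ActiveRecord’s where accepts as where(["name = ?", name]), a renderer that quotes bound values the way a driver would, and a small check that flags a bare OR outside any quoted literal. The BookQuery module, the books table and the sample input are all assumptions made for the example.

```ruby
# Added example, not from the original post. Plain Ruby, no database needed;
# BookQuery mirrors the two shapes of an ActiveRecord `where` call.
module BookQuery
  # Vulnerable: user input is interpolated straight into the SQL text, so a
  # quote inside the input closes the literal and the rest becomes SQL.
  def self.unsafe_where(name)
    "SELECT * FROM books WHERE name = '#{name}'"
  end

  # Safe: the SQL text is fixed and the value travels separately as a bound
  # parameter. This is the where(["name = ?", name]) shape in ActiveRecord.
  def self.safe_where(name)
    ["SELECT * FROM books WHERE name = ?", [name]]
  end

  # Render a parameterized query the way a driver would: each bound value is
  # wrapped in single quotes with embedded quotes doubled (the SQL escape).
  # Shown only to make the difference visible; in real code the driver/ORM
  # performs this step, or better, sends the values out of band.
  def self.render(sql, binds)
    i = -1
    sql.gsub("?") { "'" + binds[i += 1].to_s.gsub("'", "''") + "'" }
  end

  # Cheap structural check on a finished statement: blank out every quoted
  # literal (handling doubled quotes), then look for an OR that survived
  # outside the quotes. The template above has no OR, so one means injection.
  def self.unquoted_or?(sql)
    stripped = sql.gsub(/'(?:[^']|'')*'/, "''")
    stripped.match?(/\bOR\b/i)
  end
end

if __FILE__ == $PROGRAM_NAME
  input = "blah' OR '0'='0" # constructed attacker-style input, as in the post
  puts BookQuery.unsafe_where(input)
  puts BookQuery.render(*BookQuery.safe_where(input))
end
```

With the placeholder form the whole input, quotes included, is searched for as a book name and matches nothing, while the interpolated form turns into a WHERE clause that is true for every row.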

My experience wouldn’t be properly encapsulated, however, unless I mentioned my journey through proper authentication and authorization of resources in the application. And I’m glad this is a lesson I’m learning to focus on early in the game, especially when it comes to nested resources. There can be many stipulations on whether the user is allowed to interact with a resource, and it’s safety 101 to make sure only the select few can view or modify certain resources, be it through proper sanitization or authorization.

The lengths we have to go to to make sure the ones who just want to watch it burn don’t get their way.
