Rails 3 and OAuth




BarCamp Tampa, September 26, 2010
Who am I?

Hello, I’m Bryce.
I snuck up here from Miami.
I make web applications with Ruby on
Rails.
I tweet as @bonzoesc
Quick Disclaimer

This used to be two
presentations but I
 combined them.
    Thanks for your cooperation!
What is Rails?
Ruby on Rails® is an open-source web
framework that’s optimized for
programmer happiness and sustainable
productivity. It lets you write beautiful
code by favoring convention over
configuration.
                   - http://rubyonrails.org/
What is Rails?

 Rails is a way to build
web applications quickly
and be able to maintain
  them in the future.
What is Rails?
Twitter      Scribd
Hulu         Less Accounting
Basecamp     Shopify
Groupon      Get Satisfaction
Lighthouse   Urban Dictionary
Github       Kongregate
What is Rails?



Four main parts
What is Rails?

ActiveRecord
turns database into
Ruby objects
What is Rails?

ActionController
turns web requests
into Ruby method
calls
What is Rails?

ActionView
turns Ruby code into
web responses
What is Rails?

Railties
turns the parts into
Rails
History
So What?


Rails 3 feels like Rails
in the right places.
So What?


Rails 3 is as flexible as
Merb.
The Specifics
ActiveRecord
 Database interactions
ActiveRecord Classic
# Rails 2 style: every query repeats its full option hash
@published = Post.find(
  :all,
  :conditions=>{:published=>true},
  :order=>'created_at desc'
)

@unpublished = Post.find(
  :all,
  :conditions=>{:published=>false},
  :order=>'created_at desc'
)
ActiveRecord Arel


@ordered = Post.order('created_at asc')
@published = @ordered.where(:published=>true)
@unpublished = @ordered.where(:published=>false)
ActiveRecord Arel

Compositional
Chainable
Less code
Lazy
ActiveModel

   Put the ActiveRecord
features you love on plain,
   non-database objects
ActiveModel

Validations
Serialization (JSON, XML)
Callbacks (before_save)
Translations
ActionController
    Handling requests
Responder

Exposed to the
developer for the first
time
Responder

Allows precise yet
reusable control of
how responses are
    generated
Responder

class EpisodesController < ApplicationController
  respond_to :html, :xml, :json

  def index
    @episodes = Episode.all
    respond_with @episodes
  end
end
CSRF Protection

Cross-Site Request Forgery is
    an attack allowing an
 attacker to impersonate a
            user.
CSRF Protection


1. User clicks link in a friend’s tweet
   to http://evilsite.us/
CSRF Protection


2. User clicks play on a video on
   http://evilsite.us/
CSRF Protection


3. User ends up tweeting link to
   http://evilsite.us/
CSRF Protection

   Note that Twitter isn’t
    vulnerable to this.
They use Rails’ built-in CSRF
        protection.
CSRF Protection

Enabled by default
Transparent
Use the built-in form builders
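
A simplified model of the check behind that protection, added here as an example (it is not code from the talk or from Rails itself). `Session`, `handle_request`, `render_tweet_form` and `forged_request` are hypothetical names; `authenticity_token` is the form parameter Rails uses.

```ruby
require 'securerandom'

# Simplified model of a session-bound CSRF token check (constructed for
# illustration; Rails' real implementation lives in ActionController).
class Session
  attr_reader :csrf_token

  def initialize
    # Unpredictable per-session value that only same-origin pages can read.
    @csrf_token = SecureRandom.base64(32)
  end
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Requests that must not change state are let through without a token.
SAFE_METHODS = %w[GET HEAD].freeze

# Returns :ok or :rejected for a request hash {method:, params:}.
def handle_request(session, request)
  return :ok if SAFE_METHODS.include?(request[:method])
  token = request[:params]['authenticity_token']
  secure_compare(session.csrf_token, token) ? :ok : :rejected
end

# What the site's own form submits: a form builder adds the hidden token field.
def render_tweet_form(session)
  { method: 'POST',
    params: { 'status' => 'hello',
              'authenticity_token' => session.csrf_token } }
end

# What a page on another origin can submit: the browser attaches the user's
# session cookie, but that page cannot read the token, so the field is absent.
def forged_request
  { method: 'POST', params: { 'status' => 'see http://evilsite.us/' } }
end
```

A hand-written HTML form that skips the form builders behaves like `forged_request` here: it has no token field, so the application rejects its own POST.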
ActionView
 Producing responses
XSS Protection

Cross Site Scripting is a class
of attack allowing an attacker
 to execute code on a user’s
        web browser.
XSS Protection


1. User watches video on YouTube
XSS Protection

2. Malicious code in the comments
   causes the user to post malicious
   code in videos they’ve previously
   watched.
XSS Protection
Rails 3 has protection for this
   built in and enabled by
            default.
Think hard before using raw
      output in views.
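
A simplified model of escape-by-default output, added here as an example (it is not code from the talk or from Rails). `SafeString`, `emit` and `render_comment` are hypothetical stand-ins for ActiveSupport::SafeBuffer and `<%= %>`; `raw` mirrors the Rails 3 view helper of the same name.

```ruby
require 'erb'

# Marker type: a string that has already been made safe to put in HTML.
# (Constructed stand-in for ActiveSupport::SafeBuffer.)
class SafeString < String; end

# Model of the `raw` view helper: trust the string exactly as given.
def raw(value)
  SafeString.new(value.to_s)
end

# Model of <%= value %> in a Rails 3 view: escape unless already marked safe.
# Returning a SafeString prevents double escaping on a second pass.
def emit(value)
  return value if value.is_a?(SafeString)
  SafeString.new(ERB::Util.html_escape(value.to_s))
end

# Renders a user-supplied comment body inside trusted template markup.
def render_comment(body, use_raw: false)
  content = use_raw ? raw(body) : body
  "<p class=\"comment\">#{emit(content)}</p>"
end

# Constructed sample input: a comment carrying markup.
SAMPLE_COMMENT = '<script>alert(1)</script>'
```

With `use_raw: true` the sample comment reaches the page as live markup, which is the case the slide warns about; the default path turns it into inert text.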
A side note

Curious about CSRF and XSS attacks?
  Hack Miami had presentations about these
  vulnerabilities on Saturday, September 18.
    Hop in your DeLorean to learn more!

     http://hackmiami.org/
Unobtrusive
     JavaScript

   Rails 1 & 2 injected
 JavaScript into pages to
make AJAX features work.
Unobtrusive
     JavaScript

Rails 3 annotates the HTML
  with special properties.
Unobtrusive
      JavaScript

    There are drivers for
Prototype, jQuery, and more.
No more scripts/*


The scripts directory used to
 contain tools for generating
and running your application.
No more scripts/*


Rails 3 does this with the rails tool.
Big Changes
ActiveRecord: Arel, ActiveModel
ActionController: CSRF protection,
ActionController::Responder
ActionView: XSS Protection, Unobtrusive
JavaScript
Railties: No more scripts/*
Authorization
 with OAuth
Authentication

Authentication is
proving who you
      are.
Authentication

•Driver’s license
•Passport
•Fingerprint on file
Authorization

 Authorization is
letting something
 happen on your
      behalf.
Authorization

•Signature on a contract
•Key in your car’s ignition
•Verbal permission
Authentication
      and
 Authorization
Two security primitives that
  taste great together!
On the Web
The Old Stupid Way
The Old Stupid Way

• You want TripIt to read your address
  book.
• You don’t want TripIt to read all your
  email.
Another Bad Idea
Another Bad Idea

• How do you revoke access?
• How do you revoke access to only one
  client?
• How do you ensure clients only do
  certain things?
OAuth
OAuth
An open protocol to allow
secure API authorization in a
simple and standard method
from desktop and web
applications.
                 - http://oauth.net/
OAuth

OAuth lets you limit
 and control client
applications working
  on your behalf.
OAuth
Facebook     Yahoo
Twitter      Netflix
Github       Picomoney
Google       37signals
An OAuth Session

1. You find a useful website
that reads your friends’
tweets about movies, and
adds them to your Netflix
queue.
An OAuth Session

2. You click the “Connect with
Netflix” button, and are
redirected to:
https://api-user.netflix.com/
An OAuth Session

3. You enter your Netflix
account information, and are
returned to the client
website.
An OAuth Session

4.You click the “Connect with
Twitter” button, and are
redirected to:
https://api.twitter.com/
An OAuth Session

5.You enter your Twitter
account information, and are
returned to the client
website.
An OAuth Session

The client application
gets tokens for each
service.
An OAuth Session
If you decide (at any time) to quit using the
service, you can visit Twitter and Netflix and
revoke its authorization.
An OAuth Session
The Guts

1. The consumer (client) asks the
   provider (server) for a new blank
   request token, and sends the user
   to the provider with that request
   token.
The Guts

2. The user authenticates with the
   provider, and accepts (or denies)
   the authorization the consumer
   wants.
The Guts


3. The user is redirected back to the
   consumer with a request token
   bound to that user.
The Guts


4. The consumer gives the request
   token to the server in exchange for
   an access token.
The Guts


5. The consumer can use the access
   token as authorization.
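
The five steps above as an in-memory model of the provider's token bookkeeping, added here as an example (it is not code from the talk or from the `oauth` gem). The `Provider` class, the consumer names and the user `alice` are constructed; request signing, the OAuth 1.0a verifier and HTTP transport are left out.

```ruby
require 'securerandom'

# In-memory model of an OAuth provider's token lifecycle (constructed for
# illustration; signatures, the verifier and HTTP redirects are omitted).
class Provider
  def initialize
    @request_tokens = {} # token => { consumer:, user: }
    @access_tokens  = {} # token => { consumer:, user: }
  end

  # Step 1: the consumer asks for a blank request token.
  def issue_request_token(consumer)
    token = SecureRandom.hex(16)
    @request_tokens[token] = { consumer: consumer, user: nil }
    token
  end

  # Steps 2-3: the user, logged in at the provider, approves or denies.
  # Approval binds the request token to that user; denial discards it.
  def authorize(request_token, user, approve)
    entry = @request_tokens[request_token]
    return false if entry.nil?
    if approve
      entry[:user] = user
      true
    else
      @request_tokens.delete(request_token)
      false
    end
  end

  # Step 4: exchange a user-bound request token for an access token.
  # Fails for unapproved tokens, other consumers' tokens, and replays.
  def exchange(request_token, consumer)
    entry = @request_tokens[request_token]
    return nil if entry.nil? || entry[:user].nil? || entry[:consumer] != consumer
    @request_tokens.delete(request_token) # single use
    access = SecureRandom.hex(16)
    @access_tokens[access] = entry
    access
  end

  # Step 5: resolve an access token to the user it acts for (nil if revoked).
  def user_for(access_token, consumer)
    entry = @access_tokens[access_token]
    entry && entry[:consumer] == consumer ? entry[:user] : nil
  end

  # Revocation removes one consumer's access for one user and nothing else.
  def revoke(user, consumer)
    @access_tokens.delete_if { |_, e| e[:user] == user && e[:consumer] == consumer }
  end
end

# Walks the flow for two hypothetical consumers and one constructed user.
def demo_flow
  provider = Provider.new
  rt = provider.issue_request_token('movie-queue-app')
  early = provider.exchange(rt, 'movie-queue-app')  # user has not approved yet
  provider.authorize(rt, 'alice', true)
  access = provider.exchange(rt, 'movie-queue-app')
  replay = provider.exchange(rt, 'movie-queue-app') # request token already spent
  other_rt = provider.issue_request_token('other-app')
  provider.authorize(other_rt, 'alice', true)
  other = provider.exchange(other_rt, 'other-app')
  before = provider.user_for(access, 'movie-queue-app')
  provider.revoke('alice', 'movie-queue-app')
  { early: early, replay: replay, before: before,
    after: provider.user_for(access, 'movie-queue-app'),
    other_after: provider.user_for(other, 'other-app') }
end
```

Because each consumer holds its own token, revoking one leaves the other working, which answers the "revoke access to only one client" question raised earlier in the deck.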
OAuth 2

OAuth 1.0a and 2
are different and
  incompatible.
OAuth 1 or 2?

 If you’re making a
    consumer, the
provider made that
   choice for you.
OAuth 1 or 2?


If you’re making a
provider, OAuth 2.
Getting Started
I Didn’t Finish My Demo
Photo Credits
http://www.flickr.com/photos/lazytom/320269269/
http://www.flickr.com/photos/andrewmbutler/428388719/
http://www.flickr.com/photos/emdurso/2686817699/
http://www.flickr.com/photos/beleaveme/1871344753/
http://www.flickr.com/photos/beleaveme/4676893419/
http://www.flickr.com/photos/scottobear/186001665/
(pretty smug about Tri-Rail photos in a Rails 3 presentation)
Photo Credits

http://www.flickr.com/photos/95453014@N00/451238739/
http://www.flickr.com/photos/mattkieffer/4671197999/
http://www.flickr.com/photos/italintheheart/4018162624/
http://www.flickr.com/photos/spbutterworth/2756176408/
http://www.flickr.com/photos/gesteves/3336482837/
Look at Stuff

http://db.tt/wDfs5nd - slides (keynote & pdf)
http://bit.ly/r3oauth - half-finished source
http://twitter.com/bonzoesc
Questions
Thanks!
What I’m Using


• Ruby 1.8.7
• Rails 3
• “twitter” gem
Follow along!

The hexits at the bottom of
the slide are a git commit
number.
http://bit.ly/r3oauth
Build the Skeleton


> rails new oauthdemo




       fbdb7051
Add Gems

Gemfile:
  gem 'oauth'

> bundle install

    96919add
Start the Server


    > rails s
Add a Users table
> rails g model user \
 screen_name:string \
 twitter_token:string \
 twitter_secret:string


           3473158b
Stub Controller
> rails g controller \
 authorization \
 new \
 show


           767512e2
Stub Controller
config/routes.rb:
Oauthdemo::Application.routes.draw do
  resource :authorization
end

app/controllers/authorization_controller.rb:
class AuthorizationController < ApplicationController
  …
  def create
  end

  def destroy
  end
end

                         2dd53ba0
OAuth Configuration
config/initializers/twitter.rb:

TWITTER_OAUTH_TOKENS = {
  :key=>'DCtwdGNS38Sr9JN…',
  :secret=>'gJ6RN7Nblq9t…'
}


                       bb1dd05b

Editor's Notes

  1. Merb started as a smaller, simpler Rails. Merb didn’t force you to use some of the libraries that Rails 1 & 2 did. In December 2008, the Rails and Merb teams announced they were merging and collaborating on Rails 3.
  2. ActiveRecord: Arel, ActiveModel ActionController: CSRF protection, ActionController::Responder ActionView: XSS Protection, Unobtrusive JavaScript Railties: No more scripts/*
  3. Easily add XML or JSON support to a resource. Add pagination support for HTML views.
  4. For example, visiting http://malicious.site/ could post a message as you on Twitter.
  5. Unless you go through the work to disable this, you won’t have to worry.
  6. On a page with 100 AJAX buttons, this could double the size of the page load.
  7. The client downloads a driver once per site, instead of on every page load.
  8. The most “gotcha” of the rails changes. When upgrading Rails, these scripts would have to be added to or replaced.
  9. When new versions are released, you won’t have to update any scripts.