book

RESTful Rails Development

by Silvia Puglisi

October 2015

Intermediate to advanced

350 pages

7h 26m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Why Rails and Not Node.jsWhy (I Think) You Should Read This BookWhat You Will Find in This BookWhat You Will Not Find in This Book (And Where You Can Go for Answers)ResourcesCoding StyleConventions Used in This BookUsing Code ExamplesHow to Contact UsAcknowledgments
REST and HTTPArchitectural AbstractionsIntroducing RESTRESTful Programming and HypermediaDesign ConceptsRESTful ArchitecturesRESTful Interfaces: Hypermedia and Action ControlsWrapping Up
Getting to Know Ruby on RailsSetting Up Ruby and RailsRVMrbenvUsing an InstallerThe Architecture of a Rails AppModel-View-ControllerObject-Relational MappingBundlerChoosing an EditorHello RailsTest-Driven DevelopmentWrapping Up
Application Programming InterfacesDos of API DevelopmentDo KISS and DRYDo URI DesignWhy You Should Use Rails to Build APIsThe WikiCat APIPreparing the DatabaseScaffolding the ModelsCoding Controllers and SerializersTestingWrapping Up
Life Is CRUDRESTful RailsTesting RESTful Routing in RailsHTTP SemanticsGETHEADPOSTPUTDELETEWrapping Up
Hypermedia and Adaptable APIsREST PatternsCreating Hypermedia InterfacesResource-Oriented ThinkingDesigning Explorable ResourcesHATEOASThe WikiCat Hypermedia APIWrapping Up
Asynchronous RESTful OperationsAsynchronous REST in RailsRails Workers and Background JobsCreating an Application Skeleton in Three Easy StepsUploading Images Through an API CallCreating Workers and a Jobs QueueCreating a Resource QueueCallbacksWebSocketsWrapping Up
Testing in RailsMocks, Stubs, Doubles, and DummiesTesting RESTful ServicesWrapping Up
Basics of SOA and Distributed Systems DesignLegaciesHeterogeneityComplexityRedundancyMicroservices ParadigmsThe Evolutionary ApproachThinking in Terms of Microapplications and ServicesThe Thematic Walks APIThe Wikipin APIThe Citywalks APIDiscovering the /lib DirectoryDefining the ModelsBuilding the ControllersWrapping Up
Wanderings in Frontend LandRendering and Templating in RailsEmber.js: A Framework for Creating Ambitious Web ApplicationsDesigned for Application DevelopmentMVC Paradigm of FrontendRails MVC Versus Ember.js MVCPlanning the ApplicationGetting Started with Ember.jsModeling DataRouting in Ember.jsDefining the TemplatesWriting a ComponentExploring Walks Through CategoriesWrapping Up

How Is an API Deployed?API ManagementPaaS SolutionsDeploying the Wikipin API on OpenShiftPreliminary StepsMeet JenkinsWrapping Up
API ManagementAPIs Are Not Consumer ProductsManaging Your Community’s HappinessDeveloper ProgramsApp and API QualityUser HappinessData Management and AnalyticsWrapping Up
Creating a Weather ServiceIf This Then SomethingAdhering to the Terms of ServiceAsynchronous RESTWrapping Up
Web Development Is a Broad TermDeveloping for MobileStreaming Data into a Firefox OS AppDeveloping an Internet of Things AppRails on the Raspberry PiCreating the Raspboard AppWrapping Up
Data Comes from EverywhereMonolithic Versus Microapplication ArchitecturesMonitor, Optimize, and EnhanceApplication LogsMonitor Request Response TimesMonitor ProcessesMonitor Your Server DiagnosticsComprehensive Monitoring SolutionsActions and EventsPlotting DataWrapping Up
Scaling RailsCreating a Middleware for Different APIs to CommunicateConfiguring a Reverse Proxy with NginxMeet LuaBundle Things TogetherCachingScaling Is Not Necessarily Difficult and PainfulWrapping Up
How to Protect User Privacyk-anonymityDifferential PrivacyPrivacy-Enhancing TechnologiesIs My Data Safe?Common Sources of InsecurityIs Rails Secure?SessionsCross-Site Request ForgeryRedirectionFile UploadFile DownloadLogsConclusions
Everything Started with HypertextCreating an HTTP Server in Ruby, QuicklyThe HTTP ProtocolArchitectureParametersMessagesConnectionsStatus Code DefinitionsAccess AuthenticationContent NegotiationCachingSecurity Considerations

Content preview from RESTful Rails Development

Chapter 16. Privacy and Security

This chapter considers privacy and security issues that should be evaluated while writing a RESTful application or service. Our discussion will go beyond the usual Rails recommendations and security best practices; we will also explore the implications of handling and collecting data about users’ behavior and preferences.

How to Protect User Privacy

Privacy is currently one of those hot topics in information technology. This is probably because there are two primary opposing views on the subject:

Users do not care about privacy.
Users wouldn’t want to be “social” if they knew what it really meant for their privacy.

Both views are utterly right and utterly wrong at the same time. The truth in fact is that users do see a benefit in disclosing their preferences and in having websites collect their data. They receive value back in terms of utility, or in other words a better service already filtered and tailored for their needs and tastes. Still, by collecting user data, over time you will end up with a history of your users’ behavior on your platform, and some information about their activity on other platforms as well. This can be a potential source of a whole class of issues.

The first important step when it comes to security is understanding what kinds of sensitive data your service is storing. This may include anything from credit card and banking information, to physical addresses or personal preferences that the users would like to keep ...