Giving Back to the Community
Since I became a full-time contract developer, I've been leaning heavily on the community to find answers to questions, to learn new technologies and techniques to add to my toolbox, and to overcome whatever hurdles I run across during a given day. Learning Ruby on Rails without a developer to lean over to and ask questions has been a difficult, frustrating, and at times extremely humbling experience. So, to give back to the community that has helped me, I want to help those who are in a similar position. In a sense, that is a goal of this blog, but in order to reach even further, I will be contributing to Smashing Network's Developer Drive. I would like to thank Jeff over there for giving me the opportunity to write for them. Stay tuned, as I will try to write there on a weekly basis.
Starting out as a newb at anything is always tough because you never really know what "the right" way to do things is. If you are anything like me, you can easily hack your way through things and get them to work, but you are always afraid that you are missing something. Well, I've come up with my own list of best practices to check before I deploy a Rails application to the public.
Some of these best practices are, of course, universal to any web application, so I won't go deep into them, but at least they are here for "the record."
- Do NOT store user passwords in clear text. Store a salted hash produced by a slow, purpose-built password hashing function (bcrypt, or PBKDF2 with a high iteration count); a bare MD5 or SHA-1 digest of the password is not enough.
- NEVER allow user-submitted data to fall directly into database queries. Pass it through parameterized (placeholder) conditions so the database driver escapes it; interpolating request values into SQL strings is exactly how SQL injection happens.
- Always back up code, data AND user-uploaded data such as images and documents, and periodically test that the backups actually restore.
- Validate the content type and extension of user-submitted files against an allow-list. Check the file's leading bytes rather than trusting the browser-supplied content type, which the uploader controls, and make sure the upload directory is configured so the web server will not execute scripts from it.
Now on to the Rails-specific practices. Some of these may repeat items from other lists you have encountered, but as I became a Rails developer I found they were key to ensuring that my applications stayed secure and performed as designed.