
Preventing cross-site request forgery

Preventing cross-site request forgery: Ruby on Rails 3 Essential Training

Join for an in-depth discussion in this video Preventing cross-site request forgery, part of Ruby on Rails 3 Essential Training.

Skill Level: Beginner
Duration: 12h 27m
Views: 1,290,286

Q: When running the AlterUsers migration as described in the "Migration methods" video, I am getting "rake aborted!" with an "Invalid Date: BTREE" error. What could be causing this error?

A: add_index is causing the problem. There appears to be a bug in either the MySQL2 gem or in the MySQL lib file. Some users have reported that using the libmysql.dll file from MySQL 5.1 (32-bit) will fix the problem. The simplest fix is to comment out that line in the migration. Your code will still work; not having an index on the column will just slow down some database lookups.

Q: When I try to open up the server (WEBrick) by typing "rails server", as shown in the movie "Accessing a project", I receive the following error:

    Gem::Specification#default_executable= called from /Library/Ruby/Gems/1.8/specifications/rubygems-update-1.8.3.gemspec:11.
    /Library/Ruby/Gems/1.8/gems/mysql2-0.3.2/lib/mysql2/mysql2.bundle: dlopen(/Library/Ruby/Gems/1.8/gems/mysql2-0.3.2/lib/mysql2/mysql2.bundle, 9): Library not loaded: libmysqlclient.18.dylib (LoadError)
    Referenced from: /Library/Ruby/Gems/1.8/gems/mysql2-0.3.2/lib/mysql2/mysql2.bundle
    Reason: image not found - /Library/Ruby/Gems/1.8/gems/mysql2-0.3.2/lib/mysql2/mysql2.bundle

A: The installation problem on Mac OS X Snow Leopard is likely caused by a bug in the mysql2 gem that appeared when MySQL 5.5 came out. Hopefully newer versions of MySQL or the mysql2 gem will fix the problem. Until then, a detailed solution to the problem can be found at http://freddyandersen.wordpress.com/2010/10/03/mysql-5-5-snow-leopard-and-rails.

Q: While performing the steps outlined in the "Migration methods" video, I'm receiving an error. The rake db:migrate works fine, but rake db:migrate VERSION=0 results in the following error:

    rake aborted!
    An error has occurred, all later migrations canceled:

    Index name 'index_admin_users_on_username' on table 'admin_users' does not exist.

A: To isolate the error, comment out that line and any others that are resulting in errors. Then try again. Once you get to VERSION 0, then uncomment them again.

This is also explained in the movie "Solving migration problems" later in the chapter.

Q: I'm on OS X 10.6.7 and there's a problem with RubyGems 1.8.1 and the database won't start. Should I somehow delete RubyGems and use an earlier version? How do I get out of this pickle and start again to complete the course? The error message in Terminal reads:

    NOTE: Gem::Specification#default_executable= is deprecated with no replacement. It will be removed on or after 2011-10-01.
    Gem::Specification#default_executable= called from /Library/Ruby/Gems/1.8/specifications/rubygems-update-1.8.1.gemspec:11.

    user$ pwd
    /Users/user/Sites/simple_cms
    user$ rails server
    NOTE: Gem::Specification#default_executable= is deprecated with no replacement. It will be removed on or after 2011-10-01.
    Gem::Specification#default_executable= called from /Library/Ruby/Gems/1.8/specifications/rubygems-update-1.8.1.gemspec:11.
    NOTE: Gem::Specification#default_executable= is deprecated with no replacement. It will be removed on or after 2011-10-01.
    Gem::Specification#default_executable= called from /Library/Ruby/Gems/1.8/specifications/rubygems-update-1.8.1.gemspec:11.
    NOTE: Gem::Specification#default_executable= is deprecated with no replacement. It will be removed on or after 2011-10-01.

A: The first section, with "default_executable= is deprecated", is just a bunch of annoying warning messages. A lot of people in the Rails community are annoyed about it.

First try:

    gem pristine --all --no-extensions

If that doesn't fix it, then you can go back to the less-noisy version of RubyGems until all those other gems get updated to remove the code causing the warnings, using:

    sudo gem update --system 1.7.2

The second part is the actual error:

    dyld: lazy symbol binding failed: Symbol not found: _mysql_get_client_info

This is usually because you installed the wrong version of MySQL (32-bit vs. 64-bit).

Q: I'm trying to create a new subject, as shown in the Chapter 7 movie "Creating new records." I encounter a problem when I input:

    subject = Subject.new(:name => "Forth Subject", :visible => true)

I get the error message ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes. What is the issue here?

A: Starting with Rails 3.2.3, released just this week, mass assignment security is turned on by default. (See http://weblog.rubyonrails.org/2012/3/30/ann-rails-3-2-3-has-been-released/ and http://guides.rubyonrails.org/security.html#mass-assignment for more information.)

You can deal with this change in one of two ways:

1. Turn off the security setting. Open config/application.rb and change config.active_record.whitelist_attributes to false instead of true. This makes your app a little less secure, but allows you to quickly move forward with the tutorial.

2. Work with the security settings. The proper technique is to go into each model (like Subject) and add attr_accessible for each field that a web form should be able to mass assign a value to. For example:

    class Subject < ActiveRecord::Base

      attr_accessible :name, :visible

    end
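The difference between the two options in the answer above, as an added example that is not part of the course material: a plain-Ruby stand-in (not ActiveRecord) that models how an attribute whitelist treats a form field the model never declared. TinyModel, OpenSubject, attempt and the :admin field are hypothetical names, and the input is constructed.

```ruby
# Simplified stand-in for the mass-assignment check, NOT ActiveRecord itself.
# TinyModel, OpenSubject, attempt and the :admin field are hypothetical names.
class MassAssignmentError < StandardError; end

class TinyModel
  @@whitelist = true # stand-in for config.active_record.whitelist_attributes

  def self.whitelist_attributes=(flag)
    @@whitelist = flag
  end

  def self.accessible # nil until the model calls attr_accessible
    @accessible
  end

  def self.attr_accessible(*names)
    @accessible = (@accessible || []) + names.map(&:to_sym)
  end

  attr_reader :attributes

  def initialize(params = {})
    @attributes = {}
    params.each do |key, value|
      key = key.to_sym
      raise MassAssignmentError, "Can't mass-assign protected attributes: #{key}" unless assignable?(key)
      @attributes[key] = value
    end
  end

  # A model's own list always applies; without one, the global switch decides.
  def assignable?(key)
    list = self.class.accessible
    list ? list.include?(key) : !@@whitelist
  end
end

class OpenSubject < TinyModel; end # declares no attr_accessible list
class Subject < TinyModel # option 2 from the answer
  attr_accessible :name, :visible
end

# Constructed form input carrying one field the form never offered.
TAMPERED = { "name" => "Fourth Subject", "visible" => true, "admin" => true }

def attempt(model, params, whitelist)
  TinyModel.whitelist_attributes = whitelist
  model.new(params).attributes
rescue MassAssignmentError => e
  e.message
end
```

With the switch off and no list declared, the extra :admin value is stored along with the legitimate fields; with attr_accessible in place, the same input is rejected while :name and :visible still assign normally.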

Q: When trying to create or connect to a database, I'm getting a "cannot login to localhost" error message. What's the solution?

A: As mentioned in the Chapter 4 "Accessing a project" video, localhost is an alias for the 127.0.0.1 IP address. If you have any problems connecting to localhost, default to using the IP address instead. Assign the host value in the database.yml file to the IP 127.0.0.1 instead of localhost.

Q: This course was updated on 8/12/2013. What changed?

A: We updated 12 movies to reflect changes to Ruby on Rails, as of version 3.2, and to accommodate the release of version 4.0. This includes updates to the Macintosh installation process, how you access a new project, loading stylesheets, and making model attributes accessible for mass assignment.
