Displaying 20 results from an estimated 12000 matches similar to: "Best practice to manage 'id' hacking?"
2005 Mar 03
19
Better tools for authoring the view
I'm hand editing my .css and .rhtml files using SciTE and hitting
refresh in my browser to see the results - it's slow going.
What tools are people using to author their .css and .rhtml files?
Thanks,
Neville
_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
2005 Mar 05
4
'Session id' hacking?
> Because you mentioned "cookie-hacking": it is very easy to
> take over a rails-session if you know the value of the
> session-cookie. It is not possible to prevent that easily,
> you can just make it harder by encrypting the whole session
> (right from the beginning when the user enters the site,
> and the cookie is created) by using https.
https will encrypted
2005 Mar 03
5
What's 'favicon.ico'
I'm seeing the following in the WEBrick console output after every GET
192.168.0.108 - - [03/Mar/2005:15:35:19 AUS Eastern Daylight Time] "GET
/favicon.ico HTTP/1.1" 200 60
- -> /favicon.ico
What does /favicon.ico (which doesn't seem to exist in my source) do for
Rails?
2005 Mar 09
10
Confused about extending the login generator 'user'
I've been using the login generator 'out of the box' for simple
authentication, and it's been working fine.
Now I want to extend it by simply adding 'type_id' field which links to
my 'user_types' table, but I'm hitting:
#<ActionController::SessionRestoreError: Session contained objects where
the class definition
2005 Mar 05
1
RE: Best practice to manage 'id' hacking? - can Rails help?
> Have you tried it to make sure it actually works?
Yep, it works.
> What I would do in your situation is to modify the show action
> on those controllers so that they don't take the id from the URL
> but from the session. That way somebody accessing "/account/show"
> or "/transaction/show" can only see their own details, and nobody
2006 May 31
3
Camping and Builder and XML
Hi,
I have built a simple Camping application which indexes an ODBC
datasource using Ferret on startup, then accepts search strings and
renders the resulting hit list in HTML, and it works quite nicely.
The next step was to alternately render the list in XML for consumption
by another application. In Rails, I would simply use Builder in the view
to get the job done, and so I did the same in
2006 Sep 22
3
Error with :create => true and existing index
I implemented a "reindex" command which simply creates an IndexWriter
with :create => true for a preexisting index.
The "reindexing" seems to start out ok, with several thousand docs
added, then Ferret throws an exception:
IO Error occured: couldn't rename file "index\_0.tmp" to "index\_0.cfs":
<File exists>
I guess that _0.cfs is held
2006 Jun 05
6
Ferret Win32 Gem for windows users ...
Hi and thanks for Ferret!
I'm wondering if it would be possible to create a Ferret Win32 gem which
includes the c performance code pre-compiled for those of us without a C
compiler handy ?
Zed Shaw seems to have cracked this particular nut with his Mongrel
Win32 gem.
Alternately, is there a zip of the Win32 .so Ferret needs that I could
download and manually install?
Kind Regards
2006 Sep 05
4
Ferret 0.10.2 - Index#search_each() and :num_docs
Hi,
I seem to be having trouble getting more than 10 hits from
Index#search_each since upgrading to 0.10.2 (ie, this was working in
0.9.4). Maybe a bug, as the #search_each doesn't seem to use the options
parameter any more ?
Thanks,
Neville
===========================================
require 'rubygems'
require 'ferret'
p Ferret::VERSION
idx =
2006 Sep 28
3
A few questions about numbers and dates
Hi,
I just noticed that Ferret seems to convert every field to a string
[ruby code appended for those interested], which has thwarted my attempt
to format Dates (to "dd/mm/yyyy") and Floats (to "n.nn") for consumption
further down the line based on the class of the field stored.
I considered pre-formatting Dates and Floats prior to indexing, which
would store the field
2006 Sep 15
2
Trouble with "updating" a document
Hi,
I seem to be having trouble updating a doc, ie, deleting then re-adding
to the index.
The following script demonstrates my issue - I'm sure I'm missing
something obvious, but I can't seem to find the problem. Can someone
point out where I am going wrong please ?
Regards
Neville
===
require 'rubygems'
require 'ferret'
p
2007 Feb 23
2
bug with boolean query evaluation containing parenthesis and NOT ?
Hi,
The following [simplified] query works well, however a variation which
includes parenthesis seems to fail, in that it returns hits which should
be excluded by the NOT term.
This is surprising because in this simple case, the parenthesis
shouldn't change the Boolean evaluation ... any pointers?
Working Query: field1:value1 AND NOT field2:value2
Failing Query: field1:value1 AND
2006 Sep 20
8
Understanding boost ?
Hi,
I'm confused about managing field boosting ...
I have set the :boost for the :name field in my docs to 10, via :boost
=> 10
Then I performed a search for 'keith' over all fields via with
*:(keith*), expecting a doc with Keith in the :name field to come out on
top. But another doc with Keith mentioned in other fields (:comments,
:address) scored higher.
I
2006 Sep 14
2
Possible Bug ? indexWriter#doc_count counts deleted docs after #commit
Hi David,
> Deleted documents don't get deleted until commit is called
Ok, but FYI, my experiments show that #commit doesn't affect #doc_count,
even across ruby sessions.
On a different note, I'd like to request a variation of #add_document
which returns the doc_id of the document added, as opposed to self.
I'm trying to track down an issue with a large
2006 Aug 28
12
Help with Multiple Readers, 1 Writer scenario
Hi,
I'm building a web server application using Ferret [thanks so much
Dave], Mongrel and Camping which works fine servicing one request at a
time, but serialises searches if more than one request arrives, so I'd
like some advice please about the best way to use multiple readers and
one writer.
Some background ... query requests which in my case are always read
only, arrive via
2005 Mar 08
3
Configuring WEBrick for Port 80
I've looked everywhere [except the right place], but I can't find where
to change WEBrick from listening to port 3000 to port 80.
Can anyone point me in the right direction.
Thanks
Neville
2007 Mar 05
2
Warming up a new Searcher/Reader (Ferret 0.10.9 win32)
Hi,
I have a largish index [700MB] which is updated from time to time,
requiring me to close and recreate the Ferret::Search::Searcher to use
the latest index.
My problem is that the first few searches on the new index are slow [by
comparison to before the close/recreate], I'm guessing because the new
index is being loaded into RAM by my OS and into Ferret as needed.
I'm
2005 Mar 02
4
All I want for Christmas
is to run my Rails app on lighttpd ....
Unfortunately, I am tied to SQL Server, and the database connector
requires ADO.rb which only runs on Win32.
And lighttpd doesn't run on Win32.
*sigh*
2006 Dec 07
1
Range Query Term parsing bug in 0.10.6 win32 ?
Hi,
I think I've found a Range Query Term parsing bug ... the following term
should return names >= 'A', but instead generates a parsing error
Term: name:[A>
Message: Nil bounds for range. A range must include either lower bound
or an upper bound
However, the slightly larger term, name:[AA> works just fine.
Any pointers please?
Kind Regards
Neville
2005 Oct 23
12
Showing a neat error message
Hi All,
I'm trying to prevent users from deleting a folder that has contents
like this:
class Folder < ActiveRecord::Base
has_many :myfiles
has_many :folders
belongs_to :folder
validates_uniqueness_of :name, :scope => "folder_id"
before_destroy :dont_destroy_folder_with_contents
def dont_destroy_folder_with_contents
if Folder.find(id) != nil ||