similar to: Best practice to manage 'id' hacking?

Displaying 20 results from an estimated 12000 matches similar to: "Best practice to manage 'id' hacking?"

2005 Mar 03
19
Better tools for authoring the view
I'm hand editing my .css and .rhtml files using SciTE and hitting refresh in my browser to see the results - it's slow going. What tools are people using to author their .css and .rhtml files? Thanks, Neville
2005 Mar 05
4
'Session id' hacking?
> Because you mentioned "cookie-hacking": it is very easy to take over a rails-session if you know the value of the session-cookie. It is not possible to prevent that easily, you can just make it harder by encrypting the whole session (right from the beginning when the user enters the site, and the cookie is created) by using https. https will encrypted
2005 Mar 03
5
What's 'favicon.ico'
I'm seeing the following in the WEBbrick console output after every GET 192.168.0.108 - - [03/Mar/2005:15:35:19 AUS Eastern Daylight Time] "GET /favicon.ico HTTP/1.1" 200 60 - -> /favicon.ico What does /favicon.ico (which doesn't seem to exist in my source) do for Rails?
2005 Mar 09
10
Confused about extending the login generator 'user'
I've been using the login generator 'out of the box' for simple authentication, and it's been working fine. Now I want to extend it by simply adding 'type_id' field which links to my 'user_types' table, but I'm hitting: #<ActionController::SessionRestoreError: Session contained objects where the class definition
2005 Mar 05
1
RE: Best practice to manage 'id' hacking? - can Rails help?
> Have you tried it to make sure it actually works? Yep, it works. > What I would do in your situation is to modify the show action on those controllers so that they don't take the id from the URL but from the session. That way somebody accessing "/account/show" or "/transaction/show" can only see their own details, and nobody
2006 May 31
3
Camping and Builder and XML
Hi, I have built a simple Camping application which indexes an ODBC datasource using Ferret on startup, then accepts search strings and renders the resulting hit list in HTML, and it works quite nicely. The next step was to alternately render the list in XML for consumption by another application. In Rails, I would simply use Builder in the view to get the job done, and so I did the same in
2006 Sep 22
3
Error with :create => true and existing index
I implemented a "reindex" command which simply creates an IndexWriter with :create => true for a preexisting index. The "reindexing" seems to start out ok, with several thousand docs added, then Ferret throws an exception: IO Error occured: couldn't rename file "index\_0.tmp" to "index\_0.cfs": <File exists> I guess that _0.cfs is held
2006 Jun 05
6
Ferret Win32 Gem for windows users ...
Hi and thanks for Ferret! I'm wondering if it would be possible to create a Ferret Win32 gem which includes the C performance code pre-compiled for those of us without a C compiler handy? Zed Shaw seems to have cracked this particular nut with his Mongrel Win32 gem. Alternately, is there a zip of the Win32 .so Ferret needs that I could download and manually install? Kind Regards
2006 Sep 05
4
Ferret 0.10.2 - Index#search_each() and :num_docs
Hi, I seem to be having trouble getting more than 10 hits from Index#search_each since upgrading to 0.10.2 (ie, this was working in 0.9.4). Maybe a bug, as the #search_each doesn't seem to use the options parameter any more ? Thanks, Neville =========================================== require 'rubygems' require 'ferret' p Ferret::VERSION idx =
2006 Sep 28
3
A few questions about numbers and dates
Hi, I just noticed that Ferret seems to convert every field to a string [ruby code appended for those interested], which has thwarted my attempt to format Dates (to "dd/mm/yyyy") and Floats (to "n.nn") for consumption further down the line based on the class of the field stored. I considered pre-formatting Dates and Floats prior to indexing, which would store the field
2006 Sep 15
2
Trouble with "updating" a document
Hi, I seem to be having trouble updating a doc, ie, deleting then re-adding to the index. The following script demonstrates my issue - I'm sure I'm missing something obvious, but I can't seem to find the problem. Can someone point out where I am going wrong please ? Regards Neville === require 'rubygems' require 'ferret' p
2007 Feb 23
2
bug with boolean query evaluation containing parenthesis and NOT ?
Hi, The following [simplified] query works well, however a variation which includes parenthesis seems to fail, in that it returns hits which should be excluded by the NOT term. This is surprising because in this simple case, the parenthesis shouldn't change the Boolean evaluation ... any pointers? Working Query: field1:value1 AND NOT field2:value2 Failing Query: field1:value1 AND
2006 Sep 20
8
Understanding boost ?
Hi, I'm confused about managing field boosting ... I have set the :boost for the :name field in my docs to 10, via :boost => 10 Then I performed a search for 'keith' over all fields via with *:(keith*), expecting a doc with Keith in the :name field to come out on top. But another doc with Keith mentioned in other fields (:comments, :address) scored higher. I
2006 Sep 14
2
Possible Bug ? indexWriter#doc_count counts deleted docs after #commit
Hi David, > Deleted documents don't get deleted until commit is called Ok, but FYI, my experiments show that #commit doesn't affect #doc_count, even across ruby sessions. On a different note, I'd like to request a variation of #add_document which returns the doc_id of the document added, as opposed to self. I'm trying to track down an issue with a large
2006 Aug 28
12
Help with Multiple Readers, 1 Writer scenario
Hi, I'm building a web server application using Ferret [thanks so much Dave], Mongrel and Camping which works fine servicing one request at a time, but serialises searches if more than one request arrives, so I'd like some advice please about the best way to use multiple readers and one writer. Some background ... query requests which in my case are always read only, arrive via
2005 Mar 08
3
Configuring WEBBrick for Port 80
I've looked everywhere [except the right place], but I can't find where to change WEBbrick from listening to port 3000 to port 80. Can anyone point me in the right direction. Thanks Neville
2007 Mar 05
2
Warming up a new Searcher/Reader (Ferret 0.10.9 win32)
Hi, I have a largish index [700MB] which is updated from time to time, requiring me to close and recreate the Ferret::Search::Searcher to use the latest index. My problem is that the first few searches on the new index are slow [by comparison to before the close/recreate], I'm guessing because the new index is being loaded into RAM by my OS and into Ferret as needed. I'm
2005 Mar 02
4
All I want for Christmas
is to run my Rails app on lighttpd .... Unfortunately, I am tied to SQL Server, and the database connector requires ADO.rb which only runs on Win32. And lighttpd doesn't run on Win32. *sigh*
2006 Dec 07
1
Range Query Term parsing bug in 0.10.6 win32 ?
Hi, I think I've found a Range Query Term parsing bug ... the following term should return names >= 'A', but instead generates a parsing error Term: name:[A> Message: Nil bounds for range. A range must include either lower bound or an upper bound However, the slightly larger term, name:[AA> works just fine. Any pointers please? Kind Regards Neville
2005 Oct 23
12
Showing a neat error message
Hi All, I'm trying to prevent users from deleting a folder that has contents like this: class Folder < ActiveRecord::Base has_many :myfiles has_many :folders belongs_to :folder validates_uniqueness_of :name, :scope => "folder_id" before_destroy :dont_destroy_folder_with_contents def dont_destroy_folder_with_contents if Folder.find(id) != nil ||