Ruby On Rails Interview Questions and Answers

Ques 51. What are the key deployment challenges in Ruby on Rails?

Heroku makes deployment easy.

Things that I sometimes run into are:

> Mismatched gem versions between local and production environment

> Some lessons learned:

»» Use image_tag helper each time

»» Specify root path in ENV variable

»» Configure assets pipeline by setting: config.assets.enabled = true in the config/application.rb file

Configure Capistrano script to precompile assets 

 

Ques 52. How can you safeguard a Rails application from SQL injection attack?

Rails already has the logic built into it to prevent SQL injection attacks if you follow the right syntax. 

Say you are trying to authenticate a user based on their login and password. You might be tempted to use syntax like the following:

  # Vulnerable: request parameters are interpolated directly into the SQL string
  User.where("login = '#{params[:name]}' AND password = '#{params[:password]}'").first

If an attacker enters ' OR '1'='1 as the name, and ' OR '2'>'1 as the password, the resulting SQL query will be:

 SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1 

This will simply find the first record in the database and grant access to this user.

To prevent this type of SQL injection simply use the following format.

  User.where("login = ? AND password = ?", entered_user_name, entered_password).first

OR

User.where(:login => entered_user_name, :password => entered_password).first
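The difference between the interpolated and placeholder forms, as an added example that is not part of the original answer. It uses only the Ruby standard library; every helper name is hypothetical, and `quote` is a simplified stand-in for the quoting a `?` placeholder applies, not ActiveRecord's own code.

```ruby
# Added example: stdlib-only sketch, no Rails or database required.
# Every helper name below is hypothetical, not an ActiveRecord API.

TEMPLATE = "SELECT * FROM users WHERE login = ? AND password = ? LIMIT 1"

# Vulnerable pattern from the answer: values interpolated into the SQL text.
def interpolated_sql(name, password)
  "SELECT * FROM users WHERE login = '#{name}' AND password = '#{password}' LIMIT 1"
end

# Simplified stand-in for placeholder quoting (assumption): wrap the value
# in single quotes and double every embedded single quote.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Placeholder pattern: each "?" is replaced, in order, with a quoted value.
def bound_sql(name, password)
  values = [name, password]
  TEMPLATE.gsub("?") { quote(values.shift) }
end

# Reduce a statement to its structure by collapsing every string literal
# (including '' escapes inside it) to a single "?".
def skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?")
end

# True when the input stayed inside the literals and added no SQL syntax.
def structure_intact?(sql)
  skeleton(sql) == TEMPLATE
end

# Constructed inputs: the two strings quoted in the answer above.
NAME = "' OR '1'='1"
PASSWORD = "' OR '2'>'1"

if __FILE__ == $PROGRAM_NAME
  [interpolated_sql(NAME, PASSWORD), bound_sql(NAME, PASSWORD)].each do |sql|
    puts sql
    puts "  skeleton: #{skeleton(sql)}"
    puts "  intact:   #{structure_intact?(sql)}"
  end
end
```

With interpolation the two inputs add OR clauses to the WHERE condition; with quoting they remain two string literals and the statement keeps the shape of the template.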

 

Ques 53. How can you secure a Rails Application?

Rails has a lot of in-built capabilities to deal with common web-security issues. 

> SQL Injection

> Cross-Site 

> Session fixation and Session hijacking

> Captcha

 

Ques 54. What is Ruby On Rails?

  1. Ruby on Rails is an open source full-stack web application framework written in the Ruby Programming Language. Rails is capable of gathering information using pages and applications from the web server and can interact with a database and can retrieve information from the database.

 

Ques 55. Why Ruby on Rails?

1. CRUD (convention over configuration)
2. DRY Principle (Don't Repeat Yourself)
3. Gems and Plugins
4. Pure OOP Concept
5. Scaffolding
6. REST Support
7. Action Mailer
8. Rake support
9. Open source
10. RSpec Support for testing

 


©2024 WithoutBook