Ruby On Rails Interview Questions and Answers
Ques 51. What are the key deployment challenges in Ruby on Rails?
Heroku makes deployment easy.
Things that I sometimes run into are:
> Mismatched gem versions between local and production environment
> Some lessons learned:
»» Use image_tag helper each time
»» Specify root path in ENV variable
»» Configure assets pipeline by setting: config.assets.enabled = true in the config/application.rb file
»» Configure Capistrano script to precompile assets
Ques 52. How can you safeguard a Rails application from a SQL injection attack?
Rails already has the logic built into it to prevent SQL injection attacks if you follow the right syntax.
Say you are trying to authenticate a user based on their login and password. You might be tempted to use syntax like the following:
User.first("login = '#{params[:name]}' AND password = '#{params[:password]}'")
If an attacker enters ' OR '1'='1 as the name, and ' OR '2'>'1 as the password, the resulting SQL query will be:
SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1
This will simply find the first record in the database and grant access to that user.
To prevent this type of SQL injection, pass the values separately from the SQL fragment so that Rails quotes them, using one of the following formats:
User.where("login = ? AND password = ?", entered_user_name, entered_password).first
OR
User.where(:login => entered_user_name, :password => entered_password).first
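The following is an added example, not code from the original page or from Rails. It shows why the placeholder form is safe: the attacker's quotes stay inside a string literal, so the structure of the WHERE clause does not change. The helpers quote, bind, interpolate, skeleton and structure_changed? are hypothetical names, and quote is a simplified stand-in for the quoting ActiveRecord performs (it ignores adapter-specific rules such as backslash handling).

```ruby
# Added illustration, stdlib only. quote and bind are simplified stand-ins
# for the quoting ActiveRecord applies to "?" placeholders; not Rails code.

# Quote a value as a SQL string literal by doubling embedded single quotes.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each "?" in the template with the next quoted value.
def bind(template, *values)
  vals = values.dup
  template.gsub("?") { quote(vals.shift) }
end

# The vulnerable pattern from the page: input pasted straight into the SQL.
def interpolate(name, password)
  "login = '#{name}' AND password = '#{password}'"
end

# Collapse every string literal ('' counts as an escaped quote) to "?" so
# that only the query structure remains.
def skeleton(sql)
  sql.gsub(/'(?:[^']|'')*'/, "?")
end

TEMPLATE = "login = ? AND password = ?"

# True when user input changed the structure of the WHERE clause.
def structure_changed?(sql)
  skeleton(sql) != TEMPLATE
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the two values quoted on the page.
  name, password = "' OR '1'='1", "' OR '2'>'1"
  [interpolate(name, password), bind(TEMPLATE, name, password)].each do |sql|
    puts sql, "  skeleton: #{skeleton(sql)}", "  changed:  #{structure_changed?(sql)}"
  end
end
```

The same skeleton comparison can be run as a test assertion over the SQL an application logs, to catch queries whose shape varies with user input.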
Ques 53. How can you secure a Rails Application?
Rails has a lot of built-in capabilities to deal with common web-security issues:
> SQL Injection
> Cross-Site
> Session fixation and Session hijacking
> Captcha
Ques 54. What is Ruby On Rails?
Ques 55. Why Ruby on Rails?
1. CRUD (convention over configuration)
2. DRY Principle (Don't Repeat Yourself)
3. Gems and Plugins
4. Pure OOP Concept
5. Scaffolding
6. REST Support
7. Action Mailer
8. Rake support
9. Open source
10. RSpec support for testing