What if any source code of a rails project should be obscured even for an open source project? -

-

this hard 1 search for. if have open source rails web application project source code publicly hosted, on github, information should obscured or swapped if application run in production @ public website? assumption things config/initilizers/secret_token.rb, authentication salting stuff, , database login information should not same in production in development. other precautions should taken ensure production site not vulnerable people fiddling sessions or else not considering?

rails-specific sources of sensitive information

scrub sensitive information out of:

  • config/environments/*.rb
  • config/initializers/cookie_verification_secret.rb
  • config/initializers/secret_token.rb
  • config/initializers/session_store.rb
  • any files added support third-party libraries, such config/memcached.yml
  • config/database.yml
  • db/seeds.rb
  • any rake tasks in lib/tasks.
  • test/fixtures/*

general changes

including because think it's list of things keep in mind releasing open-source software have in production.

  • remove sensitive information:
    • password salts
    • default user credentials populated code or seeds
    • authentication information external server or service
      • databases
      • third-party apis
      • ecommerse solutions
    • any seeded data potentially publicize trade secrets
  • test code throughly exploits. if in code , code available public, people find them , know how compromise site.
  • clean code. code form of publicity site; it's 1 of many things represent site/company. make sure change variable/function names/error messages/seeded data/etc written out of humor or frustration bad public.
  • actively contribute enhancements , bug fixes project , respond external requests fixes/enhancement or pull requests have solved problem themselves. keeps project active , helps publicity angle.
  • make sure give credit credit due. code public, people know if you've utilized third-party code/libraries. if such code came attribution clauses in license agreements, make sure project complies agreements.

Comments

Post a Comment

Popular posts from this blog

java - SNMP4J General Variable Binding Error -

-
i trying use snmp4j snmp bulkget. when ever use snmp4j make call returned responseevent error says "general variable binding error" , data returned equal null. to debug: print out, console, exact oid , version number using in snmp4j. use printed out data snmpwalk on command line. valid results. know sending snmp4j correct pdu correct oid, version number, max repititions, etc. i have used snmp4j , code wrote succesffuly monitor other devices years. don't know different time. leaving me stumped. why "general variable binding error?" causes error? ideas debug? can reproduced? if so, first action should using wireshark or microsoft network monitor capture network packets. my guess agent gives generr response, not surprising, http://www.ietf.org/rfc/rfc1157.txt
Read more

windows - Python Service Installation - "Could not find PythonClass entry" -

-
i working on building python service. inducing error, not sure inducing it. ps c:\...> python .\file.py debug debugging service myservice - press ctrl+c stop. error 0xc00000f4 - not find service's pythonclass entry in registry error 1814 - specified resource name cannot found in image file. error 0xc0000080 - not locate module name in python class string (ie, no '.') this error coming pythonservicemessages.mc in pythonwin32. it turns out error result caused exception being thrown , python script dying off.
Read more

Determine if a XmlNode is empty or null in C#? -

-
the following code takes xmlnode data type , populates dataset object xmlnode content. write dataset's content file. public void populatedataset(xmlnode node) { xmlnodereader reader = new xmlnodereader(node); dataset ds = new dataset(); ds.readxml(reader); system.guid guid = system.guid.newguid(); string name = string.format("{0}{1}_{2}.xml", utility.xmloutputpath, utility.xmloutputfilename, guid.tostring()); //need write "node empty" file if xmlnode object empty of null ds.writexml(name, xmlwritemode.ignoreschema); } the problem encountered 1 scenario not write content file. how determine if xmlnode object null or empty? you can check if node parameter null or has innertext or innerxml properties null or empty, when enter method before creating xmlnodereader .
Read more