Im looking at my controllers and ive got loads of stuff like
user = User.find(params[:user_id])
dotted around.
If for some unknown obscure reason an invalid user_id is passed in the
params then, judign by what happens in console, a exception is raised.
In production mode what would happen? Would the whole site come
crumbling down and require a restart from me?
I know I can rescue this exception perhaps just redirect to some splash
page. Im just wondering what others do regarding this as nearly every
tutorial ive seen just writes it as is. Or perhaps im just worrying to
much.
Im looking at my controllers and ive got loads of stuff like
user = User.find(params[:user_id])
dotted around.
If for some unknown obscure reason an invalid user_id is passed in the
params then, judign by what happens in console, a exception is raised.
In production mode what would happen? Would the whole site come
crumbling down and require a restart from me?
I would rather make sure bad data never makes it that far.
Im looking at my controllers and ive got loads of stuff like
user = User.find(params[:user_id])
dotted around.
If for some unknown obscure reason an invalid user_id is passed in the
params then, judign by what happens in console, a exception is raised.
In production mode what would happen? Would the whole site come
crumbling down and require a restart from me?
I know I can rescue this exception perhaps just redirect to some splash
page. Im just wondering what others do regarding this as nearly every
tutorial ive seen just writes it as is. Or perhaps im just worrying to
much.
Under what circumstance would user_id be invalid? I think the question
you should be asking is: Should there be validation in place for this
before this stage?
Think about what would happen in the following example:
curl -X POST -F “user_id=345” http://example.com/users
Obviously if no user_id of 345 exists in the users table then AR will
throw an ActiveRecord::RecordNotFound exception.
Is this a problem you need to worry about? Maybe yes, maybe no. If an
unexpected exception occurs while running in production mode there is a
simple “Something went wrong.” page returned to the user. Maybe that’s
all you need. But, you might need something more.
I believe that it is common practice to return the standard 404 “Page
not found.” page when ActiveRecord throws this exception. It’s possible
that Rails will actually take care of doing that for you, but I’m not
really sure about that.
I think the question
you should be asking is: Should there be validation in place for this
before this stage?
I don’t actually see how validation would help here. Asking for a record
with an id that does not exist can’t easily be validated.
Take for example that a client of a web service fetches user with id=5
and caches the details client-side. Then suppose that before the client
has a chance to modify and update the user with id=5 the user gets
deleted. In this case the client is going to assume that user with id=5
exists, and send the following request:
The clients then needs to receive a response indicating that the user
was not found. This response might not be HTML, but the situation would
be the same as if it was. A logical response for an HTML client would be
the 404 page “Resource not found.”
Thanks everyone for your replies. Im going to make it so that even in a
worst case scenario my app redirects appropriately. Ill stick the find
call between a begin and rescue.
Thanks again.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.