Problem with reading cgi cookie

2010/7/26 Pål Bergström [email protected]:

Sorry but I don’t understand you. And I have a feeling you don’t
understand me.

Let me ask you this instead; is there a way to get the value of a cookie
in a model?

That breaks encapsulation. The model should never care what your
cookies are doing. Only controllers should care about cookies.

That being said…

When you use the model to create an instance of an ActiveRecord
object, generally you will pass in the params from a form, something
like this:

User.create( params[:user] )

params is a type of hash, and Hash has merge. So you can add stuff to
the params before passing it to the model, something like:

params.merge( :my_cookie => cookies[:my_cookie] )


Greg D.
destiney.com | gregdonald.com

Greg D. wrote:

2010/7/26 Pål Bergström [email protected]:

params is a type of hash, and Hash has merge. So you can add stuff to
the params before passing it to the model, something like:

params.merge( :my_cookie => cookies[:my_cookie] )

That I know. I was hoping to do something similar to what I had before,
when I could use cgi. Something easy using before_save and after_find.

What I want to achieve is to aes encrypt selected columns in the
database using a key stored in the user’s browser as a cookie. I do it
(or used to do it) like this.

In each model I have a before_save and after_find. There I pass the
value from the params, or from the database after find, to a module
where the string was either encrypted or decrypted with the key stored
in a cookie. That cookie was fetched with the help of cgi in the module.
It worked great. But not now, as Rack is taking the place of cgi.

Robert W. wrote:

Pål Bergström wrote:

I thought I had made that clear. You read the cookie value as shown in
the above index method of the controller, then you pass that value to the
model object.

If you don’t know how to pass a variable to a method, then I’d suggest
learning something about Ruby before you try to write a Rails
application. I don’t know how to make this any more clear.

Sorry but I don’t understand you. And I have a feeling you don’t
understand me.

Let me ask you this instead; is there a way to get the value of a cookie
in a model?

On Jul 26, 11:27 pm, Pål Bergström [email protected] wrote:

Greg D. wrote:

2010/7/26 Pål Bergström [email protected]:
params is a type of hash, and Hash has merge. So you can add stuff to
the params before passing it to the model, something like:

params.merge( :my_cookie => cookies[:my_cookie] )

That I know. I was hoping to do something similar to what I had before,
when I could use cgi. Something easy using before_save and after_find.

With CGI the interface between the webserver and rails is essentially
a whole bunch of environment variables, which can of course be read
anywhere. That’s why you can create an instance of CGI and it gets all
the request parameters out of thin air. Rack isn’t like that so it
just isn’t possible to divine the current request object out of thin
air.
You could I suppose have a before filter in your requests that would
stash the current request object (or its cookies) in thread local
storage. Both this and your existing solution break encapsulation as
others have said. For example it would be a real mess if you ever
wanted to call any of these cookie using methods from a standalone
mess because you’d have to mess around creating fake cookies.

Fred
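
The before-filter/thread-local approach Fred describes, sketched as Rack-style middleware with the cleanup step it needs on a server that reuses threads. This is an added example, not code from the thread; `FieldKeyScope`, the `field_key` cookie name and the demo app are hypothetical, and the sample requests are constructed.

```ruby
# Added example: scope a per-request cookie value to the current thread.
# FieldKeyScope and the cookie name "field_key" are hypothetical.
class FieldKeyScope
  SLOT = :field_key # thread-local slot name (hypothetical)

  def initialize(app)
    @app = app
  end

  def call(env)
    Thread.current[SLOT] = cookie_value(env["HTTP_COOKIE"], "field_key")
    @app.call(env)
  ensure
    # Server threads are reused; without this reset the next request handled
    # by this thread could read the previous user's key.
    Thread.current[SLOT] = nil
  end

  # What model-side code would call; fails closed when no key was supplied.
  def self.current_key
    Thread.current[SLOT] or raise "no field key for this request"
  end

  private

  # Minimal Cookie header parser: "a=1; b=2" -> value for name, or nil.
  def cookie_value(header, name)
    header.to_s.split(/;\s*/).each do |pair|
      k, v = pair.split("=", 2)
      return v if k == name
    end
    nil
  end
end

# Constructed demo app: reports the key it can see, or :none.
DEMO_APP = lambda do |_env|
  key = begin
    FieldKeyScope.current_key
  rescue RuntimeError
    :none
  end
  [200, {}, [key]]
end

def demo_request(cookie_header)
  FieldKeyScope.new(DEMO_APP).call("HTTP_COOKIE" => cookie_header)
end
```
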

Greg D. wrote:

I would just add the functionality to ActiveRecord:

Where does the unique aes key come in, the user cookie?

2010/7/26 Pål Bergström [email protected]:

in a cookie. That cookie was fetched with the help of cgi in the module.
It worked great. But not now, as Rack is taking the place of cgi.

I would just add the functionality to ActiveRecord:

Build a module that does the AES stuff:

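module MyAes

  # Register both callbacks from a single hook. Defining append_features
  # twice meant the second definition replaced the first, so before_save
  # was never registered; overriding it without super also skips the mix-in.
  # encrypt and decrypt are not defined in this post and must be supplied.
  def self.included( base )
    base.before_save do |model|
      model.encrypted_stuff = encrypt( model.plain_old_data ) if model.respond_to?( :plain_old_data )
    end

    base.after_find do |model|
      model.plain_old_data = decrypt( model.encrypted_stuff ) if model.respond_to?( :plain_old_data )
    end
  end

end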

Mix the module into ActiveRecord, in environment.rb:

class ActiveRecord::Base
  include MyAes
end

class Foo < ActiveRecord::Base
  attr_accessor :plain_old_data
end


Greg D.
destiney.com | gregdonald.com
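
One way to supply the per-user key without the model reading cookies: the caller passes it in, and authenticated encryption makes a wrong or missing key fail loudly instead of returning garbage. This is an added example, not code from the thread; `ColumnCrypt` and `Note` are hypothetical names, the keys are constructed, and AES-256-GCM from Ruby's OpenSSL bindings stands in for fast_aes.

```ruby
require "openssl"

# Added example; ColumnCrypt and Note are hypothetical names. AES-256-GCM from
# Ruby's OpenSSL bindings stands in for the thread's fast_aes.
module ColumnCrypt
  CIPHER = "aes-256-gcm"

  # Returns base64(iv || tag || ciphertext); key must be 32 raw bytes.
  def self.encrypt(plaintext, key)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv # fresh 12-byte nonce for every value
    ct = cipher.update(plaintext) + cipher.final
    [iv + cipher.auth_tag + ct].pack("m0")
  end

  # Raises OpenSSL::Cipher::CipherError on a wrong key or altered data.
  def self.decrypt(blob, key)
    raw = blob.unpack1("m0")
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    plain = cipher.update(raw[28..-1]) + cipher.final
    plain.force_encoding(Encoding::UTF_8)
  end
end

# Stand-in for a model: the caller (the controller) supplies the key, so the
# class never reaches into the request.
class Note
  attr_reader :encrypted_stuff

  def initialize(plain_old_data, key)
    @encrypted_stuff = ColumnCrypt.encrypt(plain_old_data, key)
  end

  def plain_old_data(key)
    ColumnCrypt.decrypt(@encrypted_stuff, key)
  end
end

# Constructed keys; in the thread's design one would be decoded from the cookie.
def demo_keys
  [OpenSSL::Random.random_bytes(32), OpenSSL::Random.random_bytes(32)]
end
```
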

2010/7/26 Pål Bergström [email protected]:

What I want to achieve is to aes encrypt selected columns in the
database using a key stored in the user’s browser as a cookie.

Are you doing this over https, or just plain http?

-Dave


Specialization is for insects. -RAH | Have Pun, Will Babble! -me
Programming Blog: http://codosaur.us | Work: http://davearonson.com
Leadership Blog: http://dare2xl.com | Play: http://davearonson.net

Dave A. wrote:

Are you doing this over https, or just plain http?

For now just over http. But eventually with ssl.

2010/7/27 Pål Bergström [email protected]:

Dave A. wrote:

Are you doing this over https, or just plain http?

For now just over http. But eventually with ssl.

Before this goes live?

-Dave



Dave A. wrote:

For now just over http. But eventually with ssl.

Before this goes live?

Yes. It doesn’t matter. The key in the cookie has nothing to do with the
overall security. It’s just an extra layer of security for the user,
encrypted with aes. E.g. I don’t want to see certain info in the
database when I look at it from the backend.

Pål Bergström wrote:

Greg D. wrote:

I would just add the functionality to ActiveRecord:

Where does the unique aes key come in, the user cookie?

It’s a unique user key for use with fast_aes in order to encrypt certain
data in the database.
