Loading...

Welcome to Module 4: Security and Nested Resources in Action Pack

Course video 34 of 43

In this module, we will talk about how to deal with nested resources in Rails. We will then talk about securing your app with a username and password combination for authentication purposes and making sure that users are only authorized to make changes to and view their own resources. We will finish off the module by discussing pagination and deploying to Heroku Paas (Platform as a Service).

Rails with Active Record and Action Pack

Johns Hopkins University

Course 2 of 6 in the Ruby on Rails Web Development Specialization

You already know how to build a basic web application with the Ruby on Rails framework. Perhaps, you have even taken Course 1, "Ruby on Rails: An Introduction" (we highly recommend it) where you relied on external web services to be your “data layer”. But in the back of your mind, you always knew that there would come a time when you would need to roll up your sleeves and learn SQL to be able to interact with your own relational database (RDBMS). But there is an easier way to get started with SQL using the Active Record Object/Relational (ORM) framework. In this course, we will be able to use the Ruby language and the Active Record ORM framework to automate interactions with the database to quickly build the application we want. In Rails with Active Record and Action Pack, we will explore how to interact with relational databases by using Active Record, a Ruby gem, which Rails uses by default for database access. We will then take a look at what role Active Record plays in the overall request-response cycle, when a client (the browser) requests data from the server, as well as how to submit the data to the server. Of course, when accessing data, security is of paramount importance! We will talk about vulnerabilities such as SQL injection, as well as how to secure access to data by authenticating and authorizing users accessing the data. Take this course to build a Ruby on Rails application with Active Record to automate the detailed SQL interactions with our database.

Skills You'll Learn

Authentication, Active Record Pattern, Ruby On Rails

Taught By

Kalman Hazins
Adjunct Professor, Graduate Computer Science

Transcript

[MUSIC]

Hi and welcome to Module 4.

Up until now we have built applications that center around one resource.

In Module 4,

we're going to build an application that deals with multiple resources.

And we'll see how rails handles that

as well as nested resources like dependent resources.

Where you have one resource dependent on another resource.

For example, you have a block post that maybe has comments and

obviously comments only make sense in the context of a block post,

how do those resources interact together.

Also, we haven't talked about how to protect data.

So so far we have learned about creating data that's Active Record,

the first two modules.

We talked about how to expose data a little bit in Module 3.

But now, the data is completely exposed, the idea is to secure the data.

And the way you secure the data is by using authentication and

what authentication does is it provides maybe a user and

password to protect the website that you're trying to access and

enables authentication to authenticate that the person who is trying to log in

and view the data is a person who is authenticated to do so.

The next step is, the person might be authenticated.

But just because he's authenticated in the system

doesn't mean that he is allowed to see everybody's resources.

So that's where authorization step, how do we authorize the person to be able

to only view his own resources, not everybody else's resources?

So we'll talk about authentication and authorization and how it's done in Rails.

Including in my discussion about authentication,

we'll talk about how browsers handle requests.

So when a browser makes a request to a server, and the server responds,

usually with some HTML page, and then the browser makes another request,

the server has no idea which browser is making the request.

The server doesn't remember requests in-between.

So we're gonna talk about HTTP sessions and cookies and

how Rails handles those things to remember the previous requests that are being made.

And thus establishing a secure connection between the client,

the browser, and the web server.

We'll finish off Module 4 by talking about pagination.

And the idea of pagination is that you usually have many,

many records that you wanna access.

And you obviously don't wanna be accessing all the records at the same, so

you wanna paginate between multiple records at a time.

[MUSIC]

At the end of a module, we're gonna create an application that's gonna be

a secure application that will be authenticated, it will be authorized, and

it will be an application that you're proud of.

We'll deploy it to Heroku, the interesting twist at the end is gonna be that

Heroku only understands Post Gres, and this whole time,

we'll be building an application using SQLite database engine and we'll see that

that switch from SQLite to Post Gres on Heroku is gonna be pretty seemless.

So at the end of this course, I'm hoping that you're going to be feeling

a much better Rails developer after course one and course two, and

you're gonna be ready for course three, which is gonna be about [FOREIGN] and

enhancing the skills that you have gained in courses one and

two as a Rails developer.

About Coursera

Courses, Specializations, and Online Degrees taught by top instructors from the world's best universities and educational institutions.

Join a community of 40 million learners from around the world

Earn a skill-based course certificate to apply your knowledge

Gain confidence in your skills and further your career

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play