Monday, November 30, 2009

Plug A Security Hole in RubyGems By Mailing Ruby Install Dir ReadOnly!

When creating a Ruby gem, developers can specify a list of executable files. These executives are copied into the same directory where the Ruby binary is located. While very convenient, it opens a huge security hole.

It would be fairly easy for someone to provide an alternate version of the Ruby executable.

If possible, write-protect your ruby install directory to prevent this avenue of attack. If you run Windows and are paranoid, backup the Ruby install directory so you have something for future comparison.

Sunday, November 22, 2009

How to Resolve Heroku's 'not authorized to access newname' Git error.

When you see the 'not authorized to access newname' error, it probably. means that your Git configuration is incorrect. For example, my .git/config file had the following:
[core]
 repositoryformatversion = 0
 filemode = true
 bare = false
 logallrefupdates = true
[remote "heroku"]
 url = git@heroku.com:newname.git
 fetch = +refs/heads/*:refs/remotes/heroku/*
Notice the highlighted words. Just change newname to the actual project name and you should be fixed.

Saturday, November 21, 2009

Scripting the Heroku Push

This tip falls under the KISS principle. I recently started using the Heroku service to run some Rails websites. After making changes and committing them to your local Git repository, those changes are pushed to Heroku using the command git push heroku master. Since I'm likely to forget and since it's four words I created a file called script/push with that command. Here are the steps.

  1. Create a file called script/push with one line: git push heroku master.
  2. Run chmod +x script/push
  3. Run git add script/push.
  4. Run git commit -m "scripting the Heroku push".
  5. Run script/push.

That's it. Just script/push whenever you need to deploy.