Archive for October, 2008

Rails logged_in_user idiom
Tuesday, October 7th, 2008

I recently refactored another developer’s code to clean up some massive amounts of database pings to retrieve the current user object. The main problem was in the use of the logged_in_user or current_user idiom in Rails. Several places give good examples but leave out the details that were bugging my project.

Grails error.gsp security
Wednesday, October 1st, 2008

The default generated error.gsp view in Grails displays the stacktrace for any exceptions that occur. That’s nice for debugging in a development environment but it is a security issue for production as it is information leakage. We can easily turn this off when not in development, and do something useful like redirect to the application homepage.