Wednesday, July 30, 2014

Permissions 0755 for 'certificate.pem' are too open

You may see a bad-permissions error, with the operation being ignored, while running a command with AWS.

This happens because AWS is concerned about your security and makes sure the certificate is accessible only by you; others should not even be able to read the files or discover their names. That's basic sensible security, and it means no permissions whatsoever for group or world.

You should own the directory, and the permission should be something like 600 or 400 or 700.

To fix the issue, change the permission like this:
chmod 400 certificate.pem

Monday, July 28, 2014

Issues with thinking sphinx

I recently faced some issues with Thinking Sphinx, which I'm sharing here so that it helps others.

Has many association not working:

I had a model named User which has many tracks and the very basic index definition is as follows:
ThinkingSphinx::Index.define :track, :with => :active_record do
  indexes title
  indexes [artist.first_name, artist.last_name], :as => :artist_name, :sortable => true
end

I was getting the following error when I ran:
rake ts:index
rake aborted!
NoMethodError: undefined method `_reflect_on_association' for #

Adding the joiner gem to the Gemfile resolved my issue, a fix which I got through the thinking-sphinx repository:
gem 'joiner', '0.3.1'

Sphinx Guard file for index {model}_delta exists, not indexing: Removing ts-{model}_delta.tmp from the db/sphinx directory resolved the issue.

Failed to start searchd daemon - 127.0.0.1: Address already in use: It means a searchd process is somehow already running somewhere; it has nothing to do with Thinking Sphinx.

A workaround is to use ports other than the defaults, 9312 and 9306, and start/stop the server:
sudo service sphinxsearch stop

Check for running processes and kill all existing ones:
ps -ef | fgrep searchd
killall searchd

If you find that your process is being run by root, it will keep respawning if it is set up as a service. You can edit the file with nano /etc/default/sphinxsearch and change START=yes to START=no.

Tuesday, June 17, 2014

Securing secret token by generating new token dynamically

Many of us already know why the secret token should not be pushed into the version repository: to secure the application.

An attacker who obtains the secret token can re-generate valid cookies for your application or check out what other users have inside their accounts. The solution is to:

  • Generate the key manually
  • Not push the token into the version repository
  • Add the token through an environment variable
  • Dynamically generate a random secret key

I'm using a small code snippet below to generate a key dynamically:
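require 'securerandom'

# Return the token stored in .secret_token, creating it on first boot.
# Keep .secret_token out of the version repository.
def find_secure_token
  token_file = Rails.root.join('.secret_token')

  if File.exist?(token_file)
    File.read(token_file).chomp
  else
    token = SecureRandom.hex(64)
    # Create the file readable and writable by the owner only (0600)
    File.open(token_file, 'w', 0600) { |f| f.write(token) }
    token
  end
end

# Dynamically generate random security key
secret_key = find_secure_token
AppName::Application.config.secret_token = secret_key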
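
An added example (not the post's own code) that combines two items from the list above: it prefers an environment variable, falls back to a token file created with mode 0600, and refuses a token file that group or others can access. The names load_secret_token, read_private, create_private and SECRET_TOKEN are assumptions of this example, and it takes a plain directory instead of Rails.root so it runs outside Rails.

```ruby
require 'securerandom'
require 'tmpdir'

# Rails 3 and 4 reject a secret_token shorter than 30 characters.
MIN_TOKEN_LENGTH = 30

# Hypothetical helper: take the token from env['SECRET_TOKEN'] when set,
# otherwise from a private .secret_token file in +dir+ (created on first use).
def load_secret_token(dir, env = ENV)
  token = env['SECRET_TOKEN']
  if token.nil? || token.empty?
    path = File.join(dir, '.secret_token')
    token = File.exist?(path) ? read_private(path) : create_private(path)
  end
  raise ArgumentError, 'secret token is too short' if token.length < MIN_TOKEN_LENGTH
  token
end

# Read the token file only if no group or world permission bit is set.
def read_private(path)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise SecurityError, format("Permissions %04o for '%s' are too open", mode, path)
  end
  File.read(path).chomp
end

# Create the token file with mode 0600. EXCL makes the open fail instead of
# writing into a file that appeared between the exist? check and this call.
def create_private(path)
  token = SecureRandom.hex(64)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(token) }
  token
end

# Demo on a throwaway directory (constructed input, not a real application).
if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    puts load_secret_token(dir, {}).length
    File.chmod(0o644, File.join(dir, '.secret_token'))
    begin
      load_secret_token(dir, {})
    rescue SecurityError => e
      puts e.message
    end
  end
end
```

SecurityError is not a StandardError, so a bare rescue in an initializer will not swallow it and the application fails to boot until the file mode is corrected.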

Hope it will help!

Friday, May 23, 2014

Using multiple AWS Accounts from command line

A common mistake, such as launching or creating an app in a different account, can happen when anyone is managing multiple AWS accounts at a time.

You can easily manage that by configuring the command line interface with the settings it uses to interact with AWS, such as your security credentials, the default region and the profile name.

To overcome the difficulty, create an AWS config file ~/.aws/config with the following lines. Because the file holds secret keys, it should be readable only by you:
[profile profile_name_of_account_name_A]
aws_access_key_id = account_A_access_key
aws_secret_access_key = account_A_secret_key


[profile profile_name_of_account_name_B]
aws_access_key_id = account_B_access_key
aws_secret_access_key = account_B_secret_key

Now, simply run a command like:
eb init --profile profile_name_of_account_name_A

Click here to know more about configuring multiple AWS accounts to use with command line.

Saturday, April 19, 2014

Dirty checking to warn for unsaved changes using jQuery

Copy the following code snippet into the application. The dirtyCount() method returns the number of fields that have unsaved changes.
var dirtyChecking = function () {
    $('input, select, textarea').each(function () {
        var ele = $(this);
 
        ele.attr('data-old', ele.val());
 
        // Look for changes in the value
        ele.on("change keyup paste click", function (event) {
            if (ele.attr('data-old') != ele.val()) {
                ele.addClass('unsaved');
            } else {
                ele.removeClass('unsaved');
            }
        });
    });
};
 
var dirtyCount = function () {
    return $('.unsaved').length;
};

//Call dirty checking
dirtyChecking();

Copy the following code to show an unsaved-changes warning when the form is unloaded, or define your own:
//Bind warning message showing on form unload 
window.onbeforeunload = function (e) {
    if (dirtyCount()) {
        var message = 'Any unsaved changes will be lost.';
        e = e || window.event;

        if (e) {
            e.returnValue = message;
        }

        // For Safari
        return message;
    }
};