Book Image

Learning Mongoid

By : Gautam Rege
Book Image

Learning Mongoid

By: Gautam Rege

Overview of this book

Mongoid helps you to leverage the power of schema-less and efficient document-based design, dynamic queries, and atomic modifier operations. Mongoid eases the work of Ruby developers while they are working on complex frameworks. Starting with why and how you should use Mongoid, this book covers the various components of Mongoid. It then delves deeper into the detail of queries and relations, and you will learn some tips and tricks on improving performance. With this book, you will be able to build robust and large-scale web applications with Mongoid and Rails. Starting with the basics, this book introduces you to components such as moped and origin, and how information is managed, learn about the various datatypes, embedded documents, arrays, and hashes. You will learn how a document is stored and manipulated with callbacks, validations, and even atomic updates. This book will then show you the querying mechanism in detail, right from simple to complex queries, and even explains eager loading, lazy evaluation, and chaining of queries. Finally, this book will explain the importance of performance tuning and how to use the right indexes. It also explains MapReduce and the Aggregation Framework.

Related Content you might be interested in

Current Title:

Small book image
Learning Mongoid
Gautam Rege
Dec, 2013 | 140 pages
No titles found
Table of Contents (14 chapters)
Learning Mongoid
Learning Mongoid
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
What's so Awesome about Mongoid?
What's so Awesome about Mongoid?
A practical approach using the Sodibee library system
Notice about Mongoid 2.x
Mongoid and MongoMapper
Summary
2
Mongoid Document Model
Mongoid Document Model
The Mongoid document
Embedded documents
Localization
Mass assignment and security
Summary
3
Persisting Documents
Persisting Documents
MongoDB persistence strategy
Validations
Callbacks
Summary
4
Mongoid Relations
Mongoid Relations
Configuring relationships
has_one – the one-to-one relation
has_many – the many-to-one relation
The belongs_to relation
has_and_belongs_to_many – the many-to-many relation
Polymorphic relations
embeds_many – embedding many documents
embeds_one – embed one document
embedded_in – resolving children
Embedded polymorphic relations
Summary
5
Mongoid Queries
Mongoid Queries
Origins of Origin
Query selectors
Mongoid criteria
Queries on arrays and hashes
Atomic modifiers
Querying with indexed fields
The aggregation framework
Geolocation queries
Summary
6
Performance Tuning
Performance Tuning
MongoDB environment
Indexes
IdentityMap
MapReduce and the aggregation framework
Monitoring query performance
Good practices and recommendations
Summary
7
Mongoid Modules
Mongoid Modules
Timestamping
Versioning
Paranoia
Acts as state machine (aasm)
Summary
Index
Index

Mass assignment and security

Mass assignment of attributes is a way in which we can assign multiple attributes of an object directly. Typically, the parameter hash params can be used directly to update the object. For example:

# params: { name: "Gautam", age: 35}
User.update_attributes(params)

But, what happens if someone updates information that should not have been part of params? What if someone inserted information such as password: "something" into the params hash? It will update the User object and create havoc.

That's exactly what happened.

Note

Early in 2012, Egor Homakov hacked github.com using this mass assignment Rails vulnerability. He was kind enough not to cause any harm and his intention was only to highlight the Rails' vulnerability of mass assignment.

He posted his own SSH key into the Rails core team user as a mass assignment, and it worked! He had full access to the repository after that. He highlighted that mass assignment is dangerous.

To protect against mass assignment, Rails...

Previous Section
End of Section 5
Next Section