| CARVIEW |
Announcing EncryptedCookieStore plugin for Rails 2.3
By Hongli Lai April 13th, 2010
EncryptedCookieStore is similar to Ruby on Rails’s CookieStore (it saves session data in a cookie), but it uses encryption so that people can’t read what’s in the session data. This makes it possible to store sensitive data in the session.
EncryptedCookieStore is written for Rails 2.3. Other versions of Rails have not been tested.
Note: This is not ThinkRelevance’s EncryptedCookieStore. In the Rails 2.0 days they wrote an EncryptedCookieStore, but it seems their repository had gone defunct and their source code lost. This EncryptedCookieStore is written from scratch by Phusion.
Source code at https://github.com/FooBarWidget/encrypted_cookie_store
Installation and usage
First, install it:
./script/plugin install git://github.com/FooBarWidget/encrypted_cookie_store.git
Then edit config/initializers/session_store.rb and set your session store to EncryptedCookieStore:
ActionController::Base.session_store = EncryptedCookieStore
You need to set a few session options before EncryptedCookieStore is usable. You must set all options that CookieStore needs, plus an encryption key that EncryptedCookieStore needs. In session_store.rb:
ActionController::Base.session = {
# CookieStore options...
:key => '_session', # Name of the cookie which contains the session data.
:secret => 'b4589cc9...', # A secret string used to generate the checksum for
# the session data. Must be longer than 64 characters
# and be completely random.
# EncryptedCookieStore options...
:encryption_key => 'c306779f3...', # The encryption key. See below for notes.
}
The encryption key must be a hexadecimal string of exactly 32 bytes. It should be entirely random, because otherwise it can make the encryption weak.
You can generate a new encryption key by running rake secret:encryption_key. This command will output a random encryption key that you can then copy and paste into your environment.rb.
Operational details
Upon generating cookie data, EncryptedCookieStore generates a new, random initialization vector for encrypting the session data. This initialization vector is then encrypted with 128-bit AES in ECB mode. The session data is first protected with an HMAC to prevent tampering. The session data, along with the HMAC, are then encrypted using 256-bit AES in CFB mode with the generated initialization vector. This encrypted session data + HMAC are then stored, along with the encrypted initialization vector, into the cookie.
Upon unmarshalling the cookie data, EncryptedCookieStore decrypts the encrypted initialization vector and use that to decrypt the encrypted session data + HMAC. The decrypted session data is then verified against the HMAC.
The reason why HMAC verification occurs after decryption instead of before decryption is because we want to be able to detect changes to the encryption key and changes to the HMAC secret key, as well as migrations from CookieStore. Verifying after decryption allows us to automatically invalidate such old session cookies.
EncryptedCookieStore is quite fast: it is able to marshal and unmarshal a simple session object 5000 times in 8.7 seconds on a MacBook Pro with a 2.4 Ghz Intel Core 2 Duo (in battery mode). This is about 0.174 ms per marshal+unmarshal action. See rake benchmark in the EncryptedCookieStore sources for details.
EncryptedCookieStore vs other session stores
EncryptedCookieStore inherits all the benefits of CookieStore:
- It works out of the box without the need to setup a seperate data store (e.g. database table, daemon, etc).
- It does not require any maintenance. Old, stale sessions do not need to be manually cleaned up, as is the case with PStore and ActiveRecordStore.
- Compared to MemCacheStore, EncryptedCookieStore can “hold” an infinite number of sessions at any time.
- It can be scaled across multiple servers without any additional setup.
- It is fast.
- It is more secure than CookieStore because it allows you to store sensitive data in the session.
There are of course drawbacks as well:
- It is prone to session replay attacks. These kind of attacks are explained in the Ruby on Rails Security Guide. Therefore you should never store anything along the lines of is_admin in the session.
- You can store at most a little less than 4 KB of data in the session because that’s the size limit of a cookie. “A little less” because EncryptedCookieStore also stores a small amount of bookkeeping data in the cookie.
- Although encryption makes it more secure than CookieStore, there’s still a chance that a bug in EncryptedCookieStore renders it insecure. We welcome everyone to audit this code. There’s also a chance that weaknesses in AES are found in the near future which render it insecure. If you are storing *really* sensitive information in the session, e.g. social security numbers, or plans for world domination, then you should consider using ActiveRecordStore or some other server-side store.
JRuby: Illegal Key Size error
If you get this error (and your code works with MRI)…
Illegal key size
[...]/vendor/plugins/encrypted_cookie_store/lib/encrypted_cookie_store.rb:62:in `marshal'
…then it probably means you don’t have the “unlimited strength” policy files installed for your JVM. Download and install them. You probably have the “strong” version if they are already there.
As a workaround, you can change the cipher type from 256-bit AES to 128-bit by
inserting the following in config/initializer/session_store.rb:
EncryptedCookieStore.data_cipher_type = 'aes-128-cfb'.freeze # was 256
Please note that after changing to 128-bit AES, EncryptedCookieStore still requires a 32 bytes hexadecimal encryption key, although only half of the key is actually used.
Objective-C for Ruby developers, un not-so-petit interlude (1/2)
By Jean Pierre Hernandez March 24th, 2010
Bonjour les amis! Welcome back to to this second installment of our tour de MacRuby! In the previous article, we went over the basics of XCode and Interface Builder. With this preliminary knowledge, we were quickly able to write our very first Cocoa application using MacRuby as well as understand the importance of Camembert!
Indeed, that was quite an interesting experience as it showed not only how easy it was, but hopefully, it also showed how fun this was as well. If I’ve been unable to convince you of this in the last article, I certainly hope I will be able to do so in this article as we will compare the MacRuby way with the traditional “Objective-C” way.
Assuming you are already well familiar with Ruby, it’s important to go over some basics of Objective-C seeing as Cocoa and its documentation assume this language. Basic understanding of Objective-C is therefore a must when it comes to developing Cocoa applications.
At a first glance, Objective-C and Ruby couldn’t be more different from each other than humanly possible. Where Ruby is beautiful and elegant, Objective-C seems to be convoluted with square brackets. Looking past the syntactic differences though, you’ll be able to see that they really don’t differ that much from one another.
For instance, both Objective-C and Ruby are strongly typed object oriented programming languages. They both support dynamic dispatching via message dispatching, i.e. objects being able to respond to messages and effectively run the corresponding code for that message during runtime.
Realizing these similarities, Laurent Sansonetti — black-belt Patrick Hernandez imitator at Apple Inc. — set out to unify these two worlds, resulting in MacRuby. With MacRuby one can access the Cocoa library as if it were an integral part of Ruby itself. This in contrast to RubyCocoa which acts as a bridge between Ruby and Cocoa.
Read on…
Creating our very first Mac application with Ruby, how exciting!
By Jean Pierre Hernandez March 12th, 2010
People always ask me why I never find a programming language for the Mac and settle down down down. C’est absolument incroyable indeed as the answer should be pretty straight forward to those who have already written an application for the Mac using Objective-C.
As a matter of fact, in France, raising such a question is like asking whether or not Camembert goes well with French fries or not. The answer to this question is obvious as it’s a known fact that Camembert goes well with everything. Seeing as not everyone is blessed with a taste for fine French cuisine and/or is from French héritage however, I’ll try to give an approximation in this blog.
A gentle introduction to MacRuby
By Jean Pierre Hernandez March 12th, 2010
Bonjour les amis! My name is Jean Pierre Hernandez, I work at Phusion and indeed, am a direct relative of legendary super star disco god Patrick Hernandez.
Where Patrick was born to do disco, I was born to dabble in code, in particular with Cocoa. My brother would often use a cane to emphasize his graceful dance moves, and following suit, we’ll use Ruby to emphasize our élégance and love for fine Mac application development.
It brings me enormous joy to have you here on my blog, most likely resulting from a latent hate [[[towards] angular] brackets]. That’s okay, we’ve all been there, the important thing is we’ve found out that this torture is absolutement not necessary and that verbosity and masochism are still choices when it comes to developing delicious Mac applications. Not here however, as we’ll settle with no less than élégance and beauty! Painlessly incroyable indeed!
Before we’re able to start cooking on our first of many delicious Mac applications, we first need to set up the environment where all the magic happens.
As elegant and beautiful as MacRuby may appear to the developer, make no mistake, it’s also a beast when it comes to performance. Via techniques such as Just-in-Time (JIT) and ahead-of-time compilation, MacRuby applications can achieve performance comparable to native applications. Ahead-of-time compilation in particular is useful if you would like to keep your delicious mac recipes private to a larger extend.
In order to achieve all this goodness, MacRuby employs one of the most sophisticated compiler infrastructures at this moment in the form of LLVM. Depending on your needs and intentions with MacRuby you may want to choose to compile all these components from source by grabbing it from SVN or Git. Keep in mind that in the case of the latter, LLVM is still a moving target in terms of releases and is subjected to rapid API and feature changes. It is for this reason that MacRuby is forced to use specific builds as specified in the README.
Compiling LLVM and MacRuby from source can be quite time consuming and tedious. In particular, LLVM will take about 1 hour to compile utilizing both CPU cores on a unibody MacBook Pro. Luckily, our community is blessed with nice people who made sure we could also utilize already-compiled binaries and nightlies, the latter containing nightly edge builds of MacRuby. For the sake of stability, we’d recommend you to use the former instead.
Once you’ve installed these components, we can start cooking up our first cocoa application for the mac using Ruby, which is exciting indeed!
Phusion Passenger 2.2.11 released
By Hongli Lai March 5th, 2010
This release fixes a regression that appeared in 2.2.10 which only affects Apache. When under high load, Apache might freeze and stop responding to requests. The regression was caused by an attempt in 2.2.10 to fix various file descriptor passing problems. The fix introduced a race condition in one of the Phusion Passenger components, and since the problem only occurs under certain high-concurrency workloads it escaped our last release testing.
This problem does not affect Nginx; you only have to upgrade if you’re using Apache.
More information about the problem can be found at the following discussion thread: https://groups.google.com/group/phusion-passenger/t/d5bb2f17c8446ea0
How do I upgrade to 2.2.11?
Via a gem
Please install it with the following command:
gem install passenger
Next, run:
passenger-install-apache2-module
Or, if you’re an Nginx user:
passenger-install-nginx-module
Please don’t forget to copy & paste the Apache/Nginx config snippet that the installer gives you.
Via a native Linux package
John Leach from Brightbox has kindly provided an Ubuntu 8.04 package for Phusion Passenger. The package is available from the Brightbox repository which you can find at:
https://apt.brightbox.net
Add the following line to the Third Party Software Sources:
deb https://apt.brightbox.net hardy main
(The simplest way to do that is to create a file in /etc/apt/sources.list.d/ containing the deb instruction, and then run ‘apt-get update’).
Once you’ve done this then you can install Phusion Passenger by running:
sudo apt-get install libapache2-mod-passenger
-or-
sudo apt-get install nginx-brightbox
(Note that John is currently packaging 2.2.11, so it might take a while before this release shows up in the apt repository.)
Final
Phusion Passenger is provided to the community for free. If you like Phusion Passenger, please consider sending us a donation. Thank you!
Phusion Passenger 2.2.10 released
By Hongli Lai February 22nd, 2010
Phusion Passenger is an Apache and Nginx module for deploying Ruby on Rails web applications, and is mainly focused on ease of use and stability.
Recent changes
Phusion Passenger is under constant maintenance and development. We are pleased to announce Phusion Passenger version 2.2.10. This is a bug fix release.
- Fixed some Bundler compatibility problems.
- Fixed some file descriptor passing problems, which previously could lead to mysterious crashes.
- Fixed some compilation problems on newer GCC versions. Issue #430.
- Support #size method in rack.input.
How do I upgrade to 2.2.10?
Via a gem
Please install it with the following command:
gem install passenger
Next, run:
passenger-install-apache2-module
Or, if you’re an Nginx user:
passenger-install-nginx-module
Please don’t forget to copy & paste the Apache/Nginx config snippet that the installer gives you.
Via a native Linux package
John Leach from Brightbox has kindly provided an Ubuntu 8.04 package for Phusion Passenger. The package is available from the Brightbox repository which you can find at:
https://apt.brightbox.net
Add the following line to the Third Party Software Sources:
deb https://apt.brightbox.net hardy main
(The simplest way to do that is to create a file in /etc/apt/sources.list.d/ containing the deb instruction, and then run ‘apt-get update’).
Once you’ve done this then you can install Phusion Passenger by running:
sudo apt-get install libapache2-mod-passenger
-or-
sudo apt-get install nginx-brightbox
(Note that John is currently packaging 2.2.10, so it might take a while before this release shows up in the apt repository.)
Final
Phusion Passenger is provided to the community for free. If you like Phusion Passenger, please consider sending us a donation. Thank you!
Ruby Enterprise Edition 1.8.7-2010.01 released
By Hongli Lai January 20th, 2010
What is Ruby Enterprise Edition?
Ruby Enterprise Edition (REE) is a server-oriented distribution of the official Ruby interpreter, and includes various additional enhancements, such as:
- A “copy-on-write friendly” garbage collector, capable of reducing Ruby on Rails applications’ memory usage by 33% on average.
- The tcmalloc memory allocator, which lowers overall memory usage and boosts memory allocation speed.
- The ability to performance tune the garbage collector.
- The MBARI patch set, for improved garbage collection efficiency.
- The zero-copy context switching patch, included as an experimental feature.
- Various analysis and debugging features.
REE can be easily installed in parallel to your existing Ruby interpreter, allowing you switch to REE with minimal hassle or risk. REE has been out for about a year now and is already used by many high-profile websites and organizations, such as New York Times, Shopify and 37signals.
“We switched to enterprise ruby to get the full benefit of the [copy-on-write] memory characteristics and we can absolutely confirm the memory savings of 30% some others have reported. This is many thousand dollars of savings even at today’s hardware prices.”
– Tobias Lütke (Shopify)
Ruby Enterprise Edition is 100% open source.
Changes
- Upgraded to Ruby 1.8.7-p248
- The previous REE release was based on 1.8.7-p174.
- Improved compiler optimization options
- The previous REE release was compiled with
-Os -fno-strict-aliasing.-fno-strict-aliasingwas used to avoid improper code generation by GCC 4.4. This was actually caused by some aliasing bugs in Ruby’s util.c source file. The problems have been fixed in 1.8.7-p174 so we’ve now removed this compilation flag, allowing for better compiler optimizations.It turned out that
-O2yields better performance than -Os in many production environments, though some microbenchmarks might indicate otherwise. Therefore we’ve now replaced -Os with -O2. - Fixed OpenSSL extension compilation problems on systems with OpenSSL 1.0
- At this time, upstream Ruby cannot be compiled on systems with OpenSSL 1.0 because of compatibility problems in the Ruby OpenSSL extension. Fedora 12 includes OpenSSL 1.0. We’ve applied a patch by the Fedora guys and added some minor changes to fix some compilation warnings. These patches have been send upstream. Ruby issue #2022.
- Backported an IO#write exception bug fix
- Upstream Ruby 1.8.7-p248 has a bug in its IO#write method: it always raises Errno::EINVAL even when a different error occured. We found this problem while testing Phusion Passenger on this Ruby release.
We’ve submitted a patch upstream. This patch is also applied in this REE release.
- Thread timer fix now merged upstream
- Previous REE releases included Joe Damato’s and Aman Gupta’s thread timer fix. This fix has now found its way back upstream and is included by default in 1.8.7-p248, so we’ve removed the patch from our source tree.
- Fix a crash bug in the zero-copy context switching patch set
- This crash can be reproduced by running “god”, which will eventually cause a crash. Aman Gupta has fixed this problem.
Please note that the zero-copy context switching patch set is disabled by default, and must be explicitly enabled by passing –fast-threading to the installer. It is currently still marked as experimental because there are some known issues with the Kernel::fork method. Issue #9.
- Ubuntu package now contains debugging symbols
- Previous REE Ubuntu packages that we release had binaries with debugging symbols stripped, in order to minimize the package sizes. We no longer strip the debugging symbols now because Joe and Aman’s Memprof depends on the presence of debugging symbols. Memprof should work out-of-the-box with this release of REE.
Please note that although the binaries are larger, this does not affect performance in any way. The debugging symbols are only used for debugging and introspection purposes and do not affect the runtime behavior of Ruby at all.
- Developer documentation is now installed by default
- RDoc and RI documentation are now installed by default. You can avoid this by passing --no-dev-docs to the installer.
The Ubuntu packages include developer documentation.
- Installer now checks for the existence of the ‘patch’ utility
- This fixes bug #10.
- Some documentation updates
- Parts are contributed by Trevor Turk.
Download & upgrade
To install Ruby Enterprise Edition, please visit the download page. To upgrade from a previous version, simply install into the same prefix that you installed to last time. Please also refer to the documentation for upgrade instructions.
Phusion Passenger 2.2.9 released
By Hongli Lai January 8th, 2010
Phusion Passenger is an Apache and Nginx module for deploying Ruby on Rails web applications, and is mainly focused on ease of use and stability.
Recent changes
Phusion Passenger is under constant maintenance and development. We are pleased to announce Phusion Passenger version 2.2.9. This is a bug fix release.
- Fixed compatibility with Rails 3.
-
Actually, previous Phusion Passenger releases were already compatible with Rails 3, depending on the spawn method that would be invoked. Here’s the story:
Since Phusion Passenger 2.2.8, when the file config.ru exists, Phusion Passenger will treat the app as a Rack app, not as a Rails app. This is in contrast to earlier versions which gave Rails detection more priority than Rack detection. Phusion Passenger loads Rack apps and Rails apps in different ways. The Rails loader was not compatible with Rails 3, which is what we’ve fixed in this release.
That said, a Rails 3 app would have worked out-of-the-box on Phusion Passenger 2.2.8 as well because Rails 3 apps include a config.ru file by default, causing Phusion Passenger 2.2.8 to use the Rack loader. Earlier versions of Phusion Passenger would just completely bail out because they’d use the Rails loader.
With 2.2.9 there are still some caveats:
- Smart spawning (the mechanism with which REE’s 33% memory reduction is implemented) is *not* supported for Rack apps. This means that if you want to utilize smart spawning with Rails 3, then you should remove your config.ru file.
- Rails 3 depends on Rack 1.1.0. You must have Rack 1.1.0 installed as a gem, even if you’ve bundled it with the gem bundler. This is because Phusion Passenger itself depends on Rack.
Both of these caveats are temporary. We have plans to solve both of these properly in the future.
- What’s up with the Gem Bundler?
-
There has been some reports that Phusion Passenger is not compatible with Yehuda Katz’s gem bundler. This might have been true for an earlier version of the gem bundler, but the latest version seems to work fine. Please note that you need to insert the following snippet in config/preinitializer.rb, as instructed by the gem bundler’s README:
require "#{RAILS_ROOT}/vendor/gems/environment"The Rails::Boot monkey patching code as posted here does not seem to be required anymore.
- Fixed support for ActiveRecord subclasses that connect to another database.
- ActiveRecord subclasses that connect to a database other than the default one did not have their connection correctly cleared after forking. This can result in weird errors along the lines of "Lost connection to MySQL server during query". Issue #429.
- [Nginx] Fixed PCRE URL.
- passenger-install-nginx-module downloads PCRE 7.8 if PCRE is not already installed. However PCRE 7.8 has been removed from their FTP server, so we’ve updated the URL to point to the latest version, 8.0.
How do I upgrade to 2.2.9?
Via a gem
Please install it with the following command:
gem install passenger
Next, run:
passenger-install-apache2-module
Or, if you’re an Nginx user:
passenger-install-nginx-module
Please don’t forget to copy & paste the Apache/Nginx config snippet that the installer gives you.
Via a native Linux package
John Leach from Brightbox has kindly provided an Ubuntu 8.04 package for Phusion Passenger. The package is available from the Brightbox repository which you can find at:
https://apt.brightbox.net
Add the following line to the Third Party Software Sources:
deb https://apt.brightbox.net hardy main
(The simplest way to do that is to create a file in /etc/apt/sources.list.d/ containing the deb instruction, and then run ‘apt-get update’).
Once you’ve done this then you can install Phusion Passenger by running:
sudo apt-get install libapache2-mod-passenger
-or-
sudo apt-get install nginx-brightbox
(Note that John is currently packaging 2.2.9, so it might take a while before this release shows up in the apt repository.)
Final
Phusion Passenger is provided to the community for free. If you like Phusion Passenger, please consider sending us a donation. Thank you!
Phusion Passenger 2.2.8 released
By Hongli Lai December 16th, 2009
Phusion Passenger is an Apache and Nginx module for deploying Ruby on Rails web applications, and is mainly focused on ease of use and stability.
Recent changes
Phusion Passenger is under constant maintenance and development. We are pleased to announce Phusion Passenger version 2.2.8. This is a bug fix release.
- [Nginx] Fixed some signal handling problems.
- Restarting Nginx on OS X with SIGHUP can sometimes take a long time or even fail completely. This is because of some signal handling problems, which have now been fixed.
- [Nginx] Added OpenSSL as dependency.
- OpenSSL is required in order to install Nginx, but this was not checked by passenger-install-nginx-module. As a result, passenger-install-nginx-module fails on e.g. out-of-the-box Ubuntu installations until the user manually installs OpenSSL. Issue #422.
- [Nginx] Fixed support for internal redirects and subrequests.
- It is now possible to, for example, point X-Accel-Redirects to Phusion Passenger-served URLs. Patch contributed by W. Andrew Loe III: issue #433.
- [Apache] Fixed a GnuTLS compatibility issue
- mod_gnutls can cause Phusion Passenger to crash because of an unchecked NULL pointer. This problem has now been fixed: issue #391.
- Fixed thread creation issue on Intel Itanium platforms.
- This fixes issue #427.
- Fixed compilation problems on Linux running on the Renesas SH4 CPU.
- Patch contributed by iwamatsu: issue #428.
- The Rack library has been unvendored.
- The original reason for vendoring was to work around broken Rails applications that explicitly specify Rack as a gem dependency. We’ve found a better workaround that does not require vendoring Rack. This also fixes a compatibility problem with Rails 3, because Rails 3 depends on a newer Rack version than the one we had vendored. Issue #432.
- Fixed compatibility with Ruby 1.9.1 patchlevel >= 152
-
Ruby 1.9.1 patchlevel >= 152 has a bug in its tempfile library. If you’ve seen an error message along the lines of
*** Exception IOError in Passenger RequestHandler (closed stream)
then this is a Ruby bug at work. This bug has been fixed in Ruby 1.9.2, but Ruby 1.9.1 still contains this bug. We’ve added a workaround so that the bug is not triggered with this Ruby version. Issue #432.
How do I upgrade to 2.2.8?
Via a gem
Please install it with the following command:
gem install passenger
Next, run:
passenger-install-apache2-module
Or, if you’re an Nginx user:
passenger-install-nginx-module
Please don’t forget to copy & paste the Apache/Nginx config snippet that the installer gives you.
Via a native Linux package
John Leach from Brightbox has kindly provided an Ubuntu 8.04 package for Phusion Passenger. The package is available from the Brightbox repository which you can find at:
https://apt.brightbox.net
Add the following line to the Third Party Software Sources:
deb https://apt.brightbox.net hardy main
(The simplest way to do that is to create a file in /etc/apt/sources.list.d/ containing the deb instruction, and then run ‘apt-get update’).
Once you’ve done this then you can install Phusion Passenger by running:
sudo apt-get install libapache2-mod-passenger
-or-
sudo apt-get install nginx-brightbox
(Note that John is currently packaging 2.2.8, so it might take a while before this release shows up in the apt repository.)
Final
Phusion Passenger is provided to the community for free. If you like Phusion Passenger, please consider sending us a donation. Thank you!
Google Tech Talk on Ruby Enterprise Edition
By Hongli Lai December 15th, 2009
Last Friday we visited the awesome Googleplex and gave a tech talk there about Ruby Enterprise Edition. This talk elaborates a bit on how REE works under the hood. Many thanks to John Woodell for making this possible!
-
Hello, we are Phusion. We provide amazing Ruby & Rails products and services to companies that shape our modern day culture.
Learn more
Phusion. All rights reserved.
“Phusion” and “Phusion Passenger” are registered trademarks of Phusion. “Rails”, “Ruby on Rails” and the Rails logo are registered trademarks of David Heinemeier Hansson. All other trademarks are property of their respective owners.