The idea of private methods in Ruby is fairly common, but a class can have private attribute accessors as well. Putting `attr_accessor` after the `private` keyword makes the generated reader and writer private, so they can only be called from inside the class:

    class Course
      attr_accessor :students

      def get_stats
        p data
      end

      private

      attr_accessor :data
    end

    c = Course.new
    >> c.data
    => NoMethodError: private method `data' called for #<Course:0x007ffb3a999bb0>
    >> c.students
    => nil
    >> c.get_stats
    nil
    => nil

Moving toward private accessors is a good idea when you need a secure system (think medical records, or PCI compliance). When accessors to raw data are reachable from the entire system, any caller can read or overwrite that data, and a misuse anywhere could bring a lot of production to a halt. This is an application of a principle I have been looking at most recently, the principle of least privilege: http://en.wikipedia.org/wiki/Principle_of_least_privilege Only give the application access[…]

First, my apologies for really dropping my commitment to this blog the last six months. The next six months will be better, I promise. Second, the presenter pattern we built into our latest Ruby on Rails and Backbone.js application created an opportunity for XSS attacks. XSS is a nasty class of security hole in which attacker-supplied markup or script is injected into the page and executed by the victim's browser; casual users will not stumble on one, but an experienced attacker who finds it can cause a ruckus on your application. On our application we found the security hole in an authenticated area, which is better than an unauthenticated one, but there are probably hundreds of applications using Backbone.js where this vulnerability is serious. In a Rails application it is possible, even common, to set up presenters to ready your API[…]
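The excerpt above stops before it says how the presenter let the markup through, so the block below is an added example of the general case, not the post's code: a presenter shapes a model for the JSON API, the Backbone client interpolates a field into the DOM, and whatever HTML was stored in that field executes. The `Comment` struct, both presenter classes, `render_unescaped` and `contains_script_tag?` are constructed for this example; `ERB::Util.html_escape` is the standard-library escaper.

```ruby
require 'erb'
require 'json'

# Constructed stand-in for an ActiveRecord model (not from the original post).
Comment = Struct.new(:id, :body)

# Presenter that passes user-controlled text straight into the API payload.
class UnsafeCommentPresenter
  def initialize(comment)
    @comment = comment
  end

  def as_json
    { id: @comment.id, body: @comment.body } # raw HTML survives serialization
  end
end

# Presenter that entity-encodes the user-controlled field at the boundary, so
# a client template that inserts it unescaped still renders text, not markup.
class CommentPresenter
  def initialize(comment)
    @comment = comment
  end

  def as_json
    { id: @comment.id, body: ERB::Util.html_escape(@comment.body) }
  end
end

# Simulates a client-side template that inserts the field without escaping
# (the equivalent of underscore's <%= body %> rather than <%- body %>).
def render_unescaped(json)
  "<p class=\"comment\">#{json[:body]}</p>"
end

# Visibility helper for the example only: did a <script> tag end up in the
# rendered markup that the template itself never contained?
def contains_script_tag?(html)
  html.match?(/<script/i)
end
```

Escaping in the presenter stops the injection in this example, but it has two costs a reviewer should weigh: the encoding is specific to an HTML text context (a field dropped into an attribute or a `<script>` block needs different treatment), and a client template that already escapes will now show `&lt;` to the user. The more durable fix is to escape at the point of rendering, in the template, and to keep the API payload as plain data.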