Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
To get started with your new second database, update your database.yml to include a secondbase
config key. All SecondBase configurations per Rails environment go under this config key.
# Default configurations:
development:
adapter: sqlserver
database: myapp_development
test:
adapter: sqlserver
database: myapp_test
# SecondBase configurations:
secondbase:
development:
adapter: mysql
database: myapp_development
test:
adapter: mysql
database: myapp_test
SecondBase aims to work seamlessly within your Rails application. When it makes sense, we run a mirrored db:second_base
task for matching ActiveRecord base database task. These can all be deactivated by setting config.second_base.run_with_db_tasks = false
in your Application's configuration. For example:
$ rake db:create
This will not only create your base development database, but it will also create your second database as specified by the configuration within the :secondbase
section of your database.yml. Below is a complete list of :db
tasks that automatically run a mirrored :db:second_base
task. Some private or over lapping tasks, like schema dump/loading or db:setup
, are not listed.
Not all base database tasks make sense to run a mirrored SecondBase task. These include tasks that move a single migration up/down, reporting on your database's current status/version, and others. These tasks have to be run explicitly and only operate on your SecondBase database. Each support any feature that their matching :db
task has. For example, using VERSION=123
to target a specific migration.
SecondBase migrations are stored in your application's db/secondbase/migrate
directory. Likewise, SecondBase will also dump your schema/structure file into the db/secondbase
directory. Full support for ActiveRecord's schema format being set to either :ruby
or :sql
is supported.
Migrations can be generated using the second_base:migration
name. Our generator is a subclass of ActiveRecord's. This means the SecondBase migration generator supports whatever features and arguments are supported by your current Rails version. For example:
$ rails generate second_base:migration CreateWidgetsTable
$ rails generate second_base:migration AddTitleBodyToPost title:string body:text
Any model who's table resides in your second database needs to inherit from SecondBase::Base
. ActiveRecord associations will still work between your base ActiveRecord and SecondBase models!
class Widget < SecondBase::Base
end
class User < ActiveRecord::Base
has_many :widgets
end
Sometimes you want to force a model that inherits from ActiveRecord::Base
to use the SecondBase::Base
connection. Using the SecondBase::Forced
module is a great way to accomplish this. By using this module, we do all the work to ensure the connection, management, and pool are properly freedom patched.
We recomend forcing modules using a Rails initializer. This example below forces both the DelayedJob ActiveRecord Backend and ActiveRecord session store to use your SecondBase database.
# In config/initializers/second_base.rb
Delayed::Backend::ActiveRecord::Job.extend SecondBase::Forced
ActiveRecord::SessionStore::Session.extend SecondBase::Forced
Rails 4.2 brought about a new way to keep your test database in sync by checking schema migrations. Where previously forcing a full test database schema load, Rails 4.2 and up is able to run your tests much faster. In order for SecondBase to take advantage of this, you will need to include our test help file directly following the Rails one. Open your test_helper.rb
and add our second_base/test_help
after rails/test_help
.
ENV["RAILS_ENV"] = "test"
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
require 'second_base/test_help'
All SecondBase railtie settings are best done in a config/application.rb
file. We support the following configurations:
config.second_base.path # Default: 'db/secondbase'
config.second_base.config_key # Default: 'secondbase'
path
- Used as location for migrations & schema. Path is relative to application root.config_key
- The key to in database.yml/configurations to search for SecondBase configs.We love the Twelve Factors principals and using tools like Dotenv with Rails. Using SecondBase does not mean you have to abandon these best practices. You will however need to take advantage of a new feature in Rails 4.1 and upward that allows database.yml configurations to leverage a :url
key that will resolve and merge the same connection string format consumed by DATABASE_URL
. For example:
development:
database: encom-pg_development
url: <%= ENV.fetch('DATABASE_URL') %>
test:
database: encom-pg_test
url: <%= ENV.fetch('DATABASE_URL') %>
production:
url: <%= ENV.fetch('DATABASE_URL') %>
secondbase:
development:
database: encom-mysql_development
url: <%= ENV.fetch('DATABASE_URL_SECONDBASE') %>
test:
database: encom-mysql_test
url: <%= ENV.fetch('DATABASE_URL_SECONDBASE') %>
production:
url: <%= ENV.fetch('DATABASE_URL_SECONDBASE') %>
There are many ways to use Dotenv and enviornment variables. This is only one example and we hope it helps you decide on which is best for you.
Rails only knows about your base connection for the Rack-based query cache. In order to take advantage of this feature for your SecondBase, you will need to set an arround filter in your controller.
class ApplicationController < ActionController::Base
around_filter :query_cache_secondBase
private
def query_cache_secondBase
SecondBase::Base.connection.cache { yield }
end
end
The current master branch is for Rails v4.0.0 and up and. We have older work in previous v1.0 releases which partial work for Rails 3.2 or lower. These old versions are feature incomplete and are not supported.
We use the Appraisal gem from Thoughtbot to help us test different versions of Rails. The rake appraisal test
command actually runs our test suite against all Rails versions in our Appraisal
file. So after cloning the repo, running the following commands.
$ bundle install
$ bundle exec appraisal update
$ bundle exec appraisal rake test
If you want to run the tests for a specific Rails version, use one of the appraisal names found in our Appraisals
file. For example, the following will run our tests suite for Rails 4.1.x.
$ bundle exec appraisal rails41 rake test
FAQs
Unknown package
We found that secondbase demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.