I'm making an writing exam practice web app in Rails. The problem is that if users' answers are submited to the Internet, they will easily be detected by ETS. So when users write their answers again in real test, ETS will think they are coping answers from Internet and give them a fairly low score.
我在Rails上做一个写作考试练习web应用。问题是,如果用户的答案被提交到互联网上,很容易被ETS发现。因此,当用户在真实测试中再次写下他们的答案时,ETS会认为他们在应对来自互联网的答案,并给他们一个相当低的分数。
My approach to this, is to store users' eassay in session. So it will not be upload to Internet at all. But, how can I store an object in session?
我的方法是在会话中存储用户的eassay。所以它根本不会被上传到网上。但是,如何在会话中存储对象呢?
3 个解决方案
#1
20
To store something in a session you can do:
要在会话中存储一些内容,您可以:
session[:answer] = "some answer"
Then you can call the answer with:
然后你可以这样回答:
session[:answer]
Or you could use HTML5 localstorage:
或者你可以使用HTML5 localstorage:
<script>
localStorage.setItem("essay", "text");
localStorage.getItem("essay"); // => "text"
</script>
#2
5
- Rails stores data in a database (doesn't have to be on the "Internet")
- Rails在数据库中存储数据(不需要在“Internet”上)
- Storing lots of data in sessions is a really bad idea
- 在会话中存储大量数据是一个非常糟糕的想法
Sessions
会话
Rails sessions are meant to keep consistency throughout your app
Rails会话旨在在整个应用程序中保持一致性
IMO, sessions are best used for storing "snippets" of data (such as a single object, ids
etc), and are best used for these types of functions:
在我看来,会话最好用于存储数据的“片段”(如单个对象、id等),并且最好用于这些类型的功能:
- Shopping carts
- 购物车
- Security-centric systems (keeping secure data)
- 以安全为中心的系统(保存安全数据)
- Authentication (keeping a user logged in)
- 身份验证(保持用户登录)
Database
数据库
What you've asked is how you store people's answers in sessions
你要问的是如何在会话中存储人们的答案
I would argue you should store them in a database, but secure that DB with authentication (such as Devise):
我认为您应该将它们存储在一个数据库中,但是要确保DB具有身份验证(如设计):
#app/controllers/answers_controller.rb
def new
@answer = Answer.new
end
def create
@answer = Answer.new(answer_params)
@answer.save
end
private
def answers_params
params.require(:answer).permit(:body, :question_id).merge(user_id: current_user.id)
end
This will allow you to store the answers in a database (the database can be on your local computer, local Intranet, or anywhere you want)
这将允许您将答案存储在数据库中(数据库可以位于您的本地计算机、本地内部网或您想要的任何位置)
Security
安全
The key for you will be to secure your data
你的关键是保护你的数据
This is called Authentication
, and without going into huge detail, here's a great resource for you:
这被称为身份验证,无需深入讨论,这里有一个很好的资源供您参考:
http://railscasts.com/episodes/250-authentication-from-scratch
http://railscasts.com/episodes/250-authentication-from-scratch
#3
1
My approach to this, is to store users' eassay in session. So it will not be upload to Internet at all.
我的方法是在会话中存储用户的eassay。所以它根本不会被上传到网上。
Technically, that is not correct. The default implementation of sessions in rails is cookie based. So if you write something to the session, it's written to a cookie on the client. With each following request to your server, the cookie is send to the server, which i assume, is somehow connected the internet.
从技术上讲,这是不正确的。rails中会话的默认实现是基于cookie的。如果你给会话写东西,它会被写到客户端的cookie上。对于每个后续的请求,cookie都被发送到服务器,我认为,它以某种方式连接了internet。
Also, cookies and therefore sessions, are restricted in size (about 4kb). So you might not be able to store everything in a session.
此外,cookie和会话的大小也受到限制(大约4kb)。因此,您可能无法在会话中存储所有内容。
The problem is that if users' answers are submited to the Internet, they will easily be detected by ETS
问题是,如果用户的答案被提交到互联网上,很容易被ETS发现
That's the real question here:
这才是真正的问题:
Usually, if one doesn't want that other people (e.g. the ETS) can read your content, you restrict the access to the content. Either by passwords or by other means.
通常,如果一个人不希望其他人(比如ETS)阅读你的内容,你就限制了对内容的访问。要么通过密码,要么通过其他方式。
So, use some sort of authentication (answer by @Rich Peck), be extra careful that your content is only visible after an successful authentication, don't give the passwords to the ETS and you should be fine.
所以,使用某种身份验证(@Rich Peck回答),要特别注意,您的内容只有在成功的身份验证之后才可见,不要给ETS设置密码,您应该没问题。
#1
20
To store something in a session you can do:
要在会话中存储一些内容,您可以:
session[:answer] = "some answer"
Then you can call the answer with:
然后你可以这样回答:
session[:answer]
Or you could use HTML5 localstorage:
或者你可以使用HTML5 localstorage:
<script>
localStorage.setItem("essay", "text");
localStorage.getItem("essay"); // => "text"
</script>
#2
5
- Rails stores data in a database (doesn't have to be on the "Internet")
- Rails在数据库中存储数据(不需要在“Internet”上)
- Storing lots of data in sessions is a really bad idea
- 在会话中存储大量数据是一个非常糟糕的想法
Sessions
会话
Rails sessions are meant to keep consistency throughout your app
Rails会话旨在在整个应用程序中保持一致性
IMO, sessions are best used for storing "snippets" of data (such as a single object, ids
etc), and are best used for these types of functions:
在我看来,会话最好用于存储数据的“片段”(如单个对象、id等),并且最好用于这些类型的功能:
- Shopping carts
- 购物车
- Security-centric systems (keeping secure data)
- 以安全为中心的系统(保存安全数据)
- Authentication (keeping a user logged in)
- 身份验证(保持用户登录)
Database
数据库
What you've asked is how you store people's answers in sessions
你要问的是如何在会话中存储人们的答案
I would argue you should store them in a database, but secure that DB with authentication (such as Devise):
我认为您应该将它们存储在一个数据库中,但是要确保DB具有身份验证(如设计):
#app/controllers/answers_controller.rb
def new
@answer = Answer.new
end
def create
@answer = Answer.new(answer_params)
@answer.save
end
private
def answers_params
params.require(:answer).permit(:body, :question_id).merge(user_id: current_user.id)
end
This will allow you to store the answers in a database (the database can be on your local computer, local Intranet, or anywhere you want)
这将允许您将答案存储在数据库中(数据库可以位于您的本地计算机、本地内部网或您想要的任何位置)
Security
安全
The key for you will be to secure your data
你的关键是保护你的数据
This is called Authentication
, and without going into huge detail, here's a great resource for you:
这被称为身份验证,无需深入讨论,这里有一个很好的资源供您参考:
http://railscasts.com/episodes/250-authentication-from-scratch
http://railscasts.com/episodes/250-authentication-from-scratch
#3
1
My approach to this, is to store users' eassay in session. So it will not be upload to Internet at all.
我的方法是在会话中存储用户的eassay。所以它根本不会被上传到网上。
Technically, that is not correct. The default implementation of sessions in rails is cookie based. So if you write something to the session, it's written to a cookie on the client. With each following request to your server, the cookie is send to the server, which i assume, is somehow connected the internet.
从技术上讲,这是不正确的。rails中会话的默认实现是基于cookie的。如果你给会话写东西,它会被写到客户端的cookie上。对于每个后续的请求,cookie都被发送到服务器,我认为,它以某种方式连接了internet。
Also, cookies and therefore sessions, are restricted in size (about 4kb). So you might not be able to store everything in a session.
此外,cookie和会话的大小也受到限制(大约4kb)。因此,您可能无法在会话中存储所有内容。
The problem is that if users' answers are submited to the Internet, they will easily be detected by ETS
问题是,如果用户的答案被提交到互联网上,很容易被ETS发现
That's the real question here:
这才是真正的问题:
Usually, if one doesn't want that other people (e.g. the ETS) can read your content, you restrict the access to the content. Either by passwords or by other means.
通常,如果一个人不希望其他人(比如ETS)阅读你的内容,你就限制了对内容的访问。要么通过密码,要么通过其他方式。
So, use some sort of authentication (answer by @Rich Peck), be extra careful that your content is only visible after an successful authentication, don't give the passwords to the ETS and you should be fine.
所以,使用某种身份验证(@Rich Peck回答),要特别注意,您的内容只有在成功的身份验证之后才可见,不要给ETS设置密码,您应该没问题。