VersaPay » Developer Blog
Simplify Payment Processing
Sat, 07 Feb 2015 22:22:34 +0000

Simple Tips for your Online Security
Wed, 11 May 2011 20:37:36 +0000

Website security

When entering private information, be sure to check that the site uses encryption to keep any data you enter on the website safe.

To tell if a website uses encryption, look for a web address with https (“s” for secure) with a lock icon beside it (as pictured below). It may look different depending on what web browser you use.

[Image: Secure URL bar]

My password requirements

Length and complexity are pivotal to creating the strongest possible password. A minimum of 7 characters is required, including alphanumeric and special characters, and the password must not be the same as any of your last four passwords. Make it as long as possible; at least 14 characters is recommended. Change your password on a regular basis: every 90 days, or whenever there has been a change in personnel who had knowledge of the current password.

Microsoft suggests some smart guidelines to follow when creating passwords:
[Image: Password Example Table]
Microsoft provides a password checker so you can test the strength of new passwords before putting them to use.

Some common mistakes made when creating passwords that you should avoid:

    1. Words found in a dictionary (in any language).
    2. Words spelled backwards, common misspellings, and abbreviations.
    3. Sequences or repeated characters. Ex: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
    4. Using your name, birthday, driver’s license, passport number, or any other personal information someone could connect to you.
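
The requirements and common mistakes above, expressed as a checker. This is an added Ruby example, not code from the original post or from Microsoft's password checker; the function names are hypothetical, and WORDS and KEY_ROWS are small constructed samples standing in for a real dictionary and keyboard layout.

```ruby
# Added example: checks a candidate password against the rules listed above.
# WORDS and KEY_ROWS are constructed samples, not a real dictionary/layout.
WORDS    = %w[password welcome dragon monkey soleil passwort].freeze
KEY_ROWS = %w[qwertyuiop asdfghjkl zxcvbnm 1234567890].freeze

# True if `s` contains `len` or more characters in a row that are identical
# (2222), ascending/descending (abcd, 4321) or keyboard-adjacent (qwer).
def run?(s, len = 4)
  s.downcase.chars.each_cons(len).any? do |win|
    str   = win.join
    steps = win.each_cons(2).map { |a, b| b.ord - a.ord }.uniq
    win.uniq.size == 1 ||
      (str.match?(/\A([a-z]+|\d+)\z/) && [[1], [-1]].include?(steps)) ||
      KEY_ROWS.any? { |row| row.include?(str) || row.include?(str.reverse) }
  end
end

# Returns the list of violated rules (an empty list means acceptable).
# previous: earlier passwords, newest last; personal: name, birthday, etc.
def password_problems(pw, previous: [], personal: [])
  problems = []
  problems << :too_short       if pw.length < 7
  problems << :needs_letter    unless pw.match?(/[A-Za-z]/)
  problems << :needs_digit     unless pw.match?(/\d/)
  problems << :needs_special   unless pw.match?(/[^A-Za-z0-9]/)
  problems << :reused          if previous.last(4).include?(pw)
  # Strip digits/symbols padded around a word, then test it both ways round.
  core = pw.downcase.gsub(/[^a-z]/, "")
  problems << :dictionary_word if WORDS.include?(core) || WORDS.include?(core.reverse)
  problems << :sequence        if run?(pw)
  problems << :personal_info   if personal.any? { |p| p.length >= 3 && pw.downcase.include?(p.downcase) }
  problems
end

# Length is scored separately: 7 is the floor, 14+ is what the post recommends.
def recommended_length?(pw)
  pw.length >= 14
end
```

Note that "Password1!" satisfies the length and character-class rules and is still rejected as a dictionary word, which is why the composition rules alone are not enough.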

How do I remember all these passwords?

Using the Mac OS X Keychain Access application or …
active_sanity: Spot invalid records in your database
Thu, 31 Mar 2011 22:08:09 +0000

ActiveRecord is a great way to ensure your models are valid before saving them to the database. But as you add new validations or update existing ones, some of the existing records could become invalid. Do you have any invalid records in your production database?

It’s too late when you discover there are invalid records in your production environment.

  • Maybe a migration failed halfway through when you deployed to production (“It was working just fine on staging?!”)
  • You get notified about a weird bug (and you can’t reproduce it on your dev machine)
  • Someone sends you an email saying that they can’t buy the dancing banana t-shirt on your webstore (and you’re lucky someone contacted you. How many people went to a competitor’s webstore?)

Set up active_sanity, run it and fix your records.

  1. Add the following line to your Gemfile:
      gem "active_sanity"
  2. Run rake db:check_sanity on your production database. You should see something like:
    model       | id  | errors
    User        |   1 | { "email" => ["is invalid"] }
    Flight      | 123 | { "arrival_time" => ["can't be nil"], "departure_time" => ["is invalid"] }
    Flight      | 323 | { "arrival_time" => ["can't be nil"] }
  3. Want to store those “invalid records” in the database to check them in your admin interface? Just run rails generate active_sanity to generate a migration and access the data through a model called InvalidRecord.

Run active_sanity against your production environment, say “OMG!” and go fix your records. Deployments will be less stressful and you’re gonna …
The art and science of email rendering across email clients
Wed, 30 Mar 2011 18:50:37 +0000

When someone receives an email from VersaPay saying that they’ve been sent money, they need to be able to claim their payment no matter what email client they’re using, and whether or not images are enabled.

We’ve come up with some best practices to balance great looks with a high level of usability in our emails and we’d like to share them with you.

First off, here is what one of our emails looks like with and without images enabled:

You’ll notice in both emails (with or without images) the messaging is clear:

  1. Someone has sent you money
  2. The reason they sent you money
  3. Here’s how you get your money

Tip 1: Don’t rely on images, always have a backup plan

Since many (most?) email clients remove images by default, it’s smart to never rely exclusively on images for anything mission-critical (call to action buttons, headings, backgrounds, etc).

You’ll notice that in our emails, the yellow call-to-action button and its text are visible and totally obvious whether or not images are enabled. In the worst case scenario, the user won’t see the nice gradient background but still knows exactly where to click to claim their payment.

This works because we use an image only for the background of the button, but not the button text itself. We also apply the image background with a BACKGROUND attribute and fall back on a plain yellow background color with the BGCOLOR attribute that the user will see if images aren’t enabled.


Cucumber Tips
Thu, 17 Mar 2011 17:24:34 +0000

VersaPay’s development team has built the VersaPay app using Ruby on Rails. Our team often uses Cucumber to test our app and Philippe Creux has shared some of their best practices below. We hope you find this post useful!

After (My) RSpec best practices and tips, I’m happy to share my Cucumber best practices and tips! This article will help you organize, clarify and reduce the size of your cucumber scenarios.

1. Organize your garden

Keep your feature files organized by grouping them by business object, then action and context if any. I put all the feature files in the same directory. For instance:


The steps specific to the application should be organized by business object as well (bank_account_steps.rb, user_steps.rb…). Keep the file organized by grouping the steps by Given / When / Then. Do not overload the files generated by Cucumber like step_definitions/web_steps.rb and support/env.rb with your own steps, helpers or setup code. These files are likely to get overwritten when you update Cucumber, so store your stuff in your own files.

2. Custom steps make your scenario DRY and accessible

Scenarios should have the same lifecycle as your code: go Red, go Green, Refactor to make them DRY (don’t repeat yourself) and easy to read. Group multiple steps in one. For instance:

  Given I follow "Send money"
  When I fill in "Email" with "MailGuard('mukmuk','')"
  And I fill in "Amount" with "10"
  And I select "Bank account" from "Source"
Git Tips from git ready
Thu, 17 Mar 2011 17:08:37 +0000

Looking to enhance your git proficiency? After browsing around the web I found a great site with short git tutorials and tips: git ready. Unlike most reference material, each command is explained through simple examples, making the site great for learning. Tutorials are also conveniently categorized into difficulty levels: beginner, intermediate and advanced.

My favorite tip so far is Bash Auto Completion, a short article on installing an auto-completion script for git use on bash. This script auto-completes branch names (among other operations) so I don’t need to type the entire command when checking out a branch.

- Sam R. Developer.