Alex, Awesome idea, sign me up!
I'd be curious if you can run the http://tryruby.org/ app on heroku, or follow the structure that they are using for codeschool.com, which allows you to interactively write and run code. usually you can find a way to get things to work on heroku On Wed, Jul 27, 2011 at 12:06 PM, Alex Chaffee <a...@stinky.com> wrote: > Dear Heroku - > > I've developed a set of test-first ruby training exercises at > http://testfirst.org and I've been brainstorming about how to take it to > the next level. I've been imagining an interactive web site, where users can > edit code and run RSpec tests from inside their web browser. > > Unfortunately (for me and for the whole world) the SCRIPT tag only supports > JavaScript on most browsers. So I'd have to send the students' code to a web > server and execute it there. > > The problem with that is security. The code is all open source and I won't > be storing any sensitive information, so I'm not worried about malicious > crackers[1], but there's still a risk that a student could, accidentally or > on purpose, break or otherwise compromise the functionality of the app if > I'm evaling arbitrary code on their behalf. > > I know about $SAFE but I don't think it's actually safe enough for this > purpose. I've also heard of Why's Freaky Sandbox but I couldn't find the > code anywhere (R.I.P.) > > So I had a thought: what if I have a master app, and a student could > connect to it, temporarily give me his Heroku credentials, and then I could > spin up a lab app under his Heroku account that only he knows the URL to. > Anything he breaks would just affect his own instance, and I could have a > big "reset" button that could clean up ("heroku restart") after that. I'd > still use $SAFE to stop access to the filesystem, but even that wouldn't be > very risky. > > Is there a way to do this cleanly? Say, with a Heroku OAuth API? > > Oh, wait, I think I just figured it out! > > I can't create an app with the user's credentials. But I can create an app > with *my* credentials (SSH keys) and then transfer ownership to the user > (after appropriate email validation, of course). > > So I guess now my question becomes, can I use the heroku gem or CLI from > inside a running heroku app? > > - A > > [1] not nearly as tasty as Animal Crackers. > > (cc'ing the test-first-teaching google group in case someone there has any > bright ideas or wants to contribute) > > -- > Alex Chaffee - a...@stinky.com - http://alexch.github.com > Stalk me: http://friendfeed.com/alexch | http://twitter.com/alexch | > http://alexch.tumblr.com > > -- > You received this message because you are subscribed to the Google Groups > "Heroku" group. > To post to this group, send email to heroku@googlegroups.com. > To unsubscribe from this group, send email to > heroku+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en. > -- Thanks, -John -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to heroku@googlegroups.com. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
