Reputation:
"obvious url in rails"
first off all please excuse me if i dont use all the right terminology. I have the URL issue with my rails app. Basically it works but I just find the url to be a bit too "obvious" and maybe a security issue.
example i have a user resource the users show page will go to websitename.com/users/user_id right ? This is probably convention but how do i go about changing that to display something random ? I tried using a secure token (not sure if it was the right thing to do) and sessions are saved in the token but the url is still quite obvious. Authorization works and non-signed in users cant just visit lets say user with id one lol. Please if this dosent make sense I will try and clarify just ask. Thanks.
Edit. Also can some one explain to me what a token does then, my understanding was instead of saving a user session with the user id and the id hets displayed, a users session was saved in a secure token and the token (generally random string) got displayed. wrong??
Upvotes: 0
Views: 104
Answers (2)
Reputation: 4157
You can overwrite the to_param method for your user object. You could then have i.e. a column in the database, where you store a hash that is your param for the object. See also the Rails guides section for that.
Upvotes: 1
Reputation: 537
Try https://rubygems.org/gems/friendly_id
It allows to have permalinks in urls instead of plain IDs
Upvotes: 0
Related Questions
- Authorisation through url
- authenticate_with_http_token method not found
- Rails: No route found when JWT token use in URL
- A url issue when implementing a resend token feature
- get access token from url
- What is the Rails secret token and how do I set it?
- Unknown token in URL in rails
- Why is Rails the authenticity token the only param that my app is passing?
- Links + params!
- Rails 2, session & token