user2004710

Reputation: 187

Rails http_basic_authenticate_with

Just had a newbie question regarding http_basic_authenticate_with. If I'm placing in my controller something as simplistic as,

http_basic_authenticate_with :name => "user", :password => "secret"

How can I make sure that the password is secured? I just want to be able to place an app in production/publish it and have the entire app password protected in a secure manner.

Thanks for any advice.

Upvotes: 3

Views: 3107

Answers (2)

egyamado

Reputation: 1121

Although the correct answer has been chosen, I'd like to add other options.

Scenario: Let's say you are creating a blog and want to have simple authentication. In your post_controller.rb you would add the following:

http_basic_authenticate_with name: ENV["BLOG_USERNAME"], password: ENV["BLOG_PASSWORD"], except: [:show]

In order to communicate with these variables 'securely', choose an option:

  1. Option 1

    • Create an application.yml file inside the config folder, where you would add your configuration (username and password), for example:

      BLOG_USERNAME: "admin"
      BLOG_PASSWORD: "12345"
      
    • Now, since application.yml includes sensitive information, we want Git to ignore that file. Therefore add the following to .gitignore file: /config/application.yml

    • Now we need to load these variables by adding the following line to application.rb file:

      ENV.update YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))
      
  2. Option 2 Use Figaro gem

    • In your Gemfile add gem "figaro", run bundle install and also run figaro install.
      Figaro will create a config/application.yml file and add it to your .gitignore.
    • Now add your own configuration to this file, similar to step 1 above, then follow step 3, and you're done!
      Check Figaro's documentation for more details.

Upvotes: 0

Igor Kasyanchuk

Reputation: 774

I can suggest putting the password in the environment. For example, you can do (http://www.cyberciti.biz/faq/set-environment-variable-linux/):

export APP_USER='secret_user'
export APP_PASSWORD='secret_password'

# then in controller
http_basic_authenticate_with :name => ENV['APP_USER'], :password => ENV['APP_PASSWORD']

Upvotes: 5
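
An added example, not part of either answer: a small Ruby loader for the approach the answers describe, taking BLOG_USERNAME and BLOG_PASSWORD from the environment with config/application.yml as a fallback, and refusing to start when either is missing or empty. The helper name load_basic_auth and the sample values are assumptions made for this illustration.

```ruby
require "yaml"
require "tempfile"

# Hypothetical helper (not part of Rails or Figaro).
REQUIRED_KEYS = %w[BLOG_USERNAME BLOG_PASSWORD].freeze

# env is ENV or any Hash-like object; yaml_path is optional.
def load_basic_auth(env, yaml_path = nil)
  if yaml_path && File.exist?(yaml_path)
    # safe_load only builds plain scalars, arrays and hashes, never
    # arbitrary Ruby objects. An empty file yields nil/false.
    file_values = YAML.safe_load(File.read(yaml_path)) || {}
    file_values.each do |key, value|
      # Variables already set in the real environment win, so production
      # can inject the secret without any application.yml on disk.
      # to_s matters: ENV rejects non-string values such as an unquoted 12345.
      env[key.to_s] = value.to_s unless env.key?(key.to_s)
    end
  end

  # Fail at boot rather than run with a nil or blank credential,
  # which is what ENV[...] returns for an unset or misspelled name.
  missing = REQUIRED_KEYS.select { |k| env[k].to_s.strip.empty? }
  unless missing.empty?
    raise KeyError, "missing Basic auth settings: #{missing.join(', ')}"
  end

  { name: env["BLOG_USERNAME"], password: env["BLOG_PASSWORD"] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  Tempfile.create("application.yml") do |f|
    f.write(%(BLOG_USERNAME: "admin"\nBLOG_PASSWORD: "from-file"\n))
    f.flush
    env = { "BLOG_PASSWORD" => "from-env" } # a Hash standing in for ENV
    p load_basic_auth(env, f.path)
  end
end
```

In application.rb the call would be load_basic_auth(ENV, File.expand_path('../application.yml', __FILE__)), with the returned name and password passed to http_basic_authenticate_with.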
