Oleg Pasko

Reputation: 2911

Ruby on Rails, bcrypt and iOS authorization

I have a Ruby on Rails app with a user authorization system based on the bcrypt gem. I also have an iOS app and I need to provide an authorization system for this app. How can I do it in the best way? I suppose passing an open password from iOS to RoR is not secure. Creating one salt for all records? Or is SSL the only option?

Upvotes: 0

Views: 282

Answers (1)

Jeff

Reputation: 4791

If you're going to have third-party client applications accessing the API then you'll want to use something like OAuth.

If you'll be in control of all the clients, then passing the username/password over SSL for authentication is secure (enough).

If you don't want to send U/P over the wire with every request, or want to make it easier to revoke client access, then consider allowing a U/P to authenticate once and then get an authentication token that is used on all subsequent requests. Something like Devise::token_authenticatable.

This post explains why Devise (if you're using RoR I'm guessing you're using Devise for authentication) deprecated token_authenticatable and what you can do in response.

Ultimately if you're not using SSL to communicate with the server then there is no secure solution, because your traffic can be easily sniffed and then your client application imitated.

Upvotes: 1
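The "authenticate once with U/P, then use a token" flow from the answer, as an added example in plain Ruby that is not part of the question, the answer, or Devise. It assumes in-memory stores in place of the Rails models, and a stdlib PBKDF2 check as a stand-in for the app's bcrypt check; the token side stores only a digest and compares it in constant time, so a token can be revoked per device or for a whole user.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# Constant-time comparison: the result cannot leak how many leading bytes
# of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for the app's bcrypt check (constructed; stdlib PBKDF2 so the
# example runs without the bcrypt gem). Each user gets their own salt.
class UserStore
  def initialize; @users = {}; end
  def add(email, password)
    salt = SecureRandom.random_bytes(16)
    @users[email] = [salt, kdf(password, salt)]
  end
  def authenticate(email, password)   # => user id (the email) or nil
    salt, stored = @users[email]
    salt && secure_equal?(stored, kdf(password, salt)) ? email : nil
  end
  private
  def kdf(pw, salt)
    OpenSSL::KDF.pbkdf2_hmac(pw, salt: salt, iterations: 20_000, length: 32, hash: 'sha256')
  end
end

# API tokens: the raw token goes to the iOS app once; only its SHA-256
# digest is stored, so a leaked token table yields nothing usable.
class TokenStore
  Record = Struct.new(:user_id, :expires_at)
  def initialize(ttl: 3600); @ttl = ttl; @records = {}; end
  def issue(user_id, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @records[digest(raw)] = Record.new(user_id, now + @ttl)
    raw
  end
  def authenticate(raw, now: Time.now)   # linear scan here; a DB would index the digest
    want = digest(raw.to_s)
    _, rec = @records.find { |d, _| secure_equal?(d, want) }
    rec && rec.expires_at > now ? rec.user_id : nil
  end
  def revoke(raw); @records.delete(digest(raw)); end
  def revoke_all(user_id); @records.delete_if { |_, r| r.user_id == user_id }; end
  private
  def digest(raw); Digest::SHA256.hexdigest(raw); end
end

# Login endpoint: U/P checked once (over SSL), token used on later requests.
def login(users, tokens, email, password)
  user_id = users.authenticate(email, password)
  user_id && tokens.issue(user_id)
end
```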
