…photo ID to prove that you are this person with that name. On a website, you may
enter a username and password.
Don't confuse this with authorization! Authorization answers the question "what is this user
allowed to access?"; authentication answers "who is this user?"
Topic 5: HTTP Basic Auth
If you want something cheap and don't need much security, you can use HTTP basic
authentication. The following line at the top of a controller makes the browser show a login
popup asking for a username and password before the user can reach any action that the
controller serves:
http_basic_authenticate_with :name => "dnj", :password => "password"
If you don't want this to apply to every action in the controller, restrict it with the :except or
:only option (note the comma between the options):
http_basic_authenticate_with :name => "username", :password => "password", :except => [:index, :show]
http_basic_authenticate_with :name => "username", :password => "password", :only => :destroy
Note that this option is insecure: the browser resends the username and password with every
request, only base64-encoded, so over plain HTTP anyone on the network path can read them,
and the password also sits in the source code in plaintext. At minimum, serve the site over
HTTPS. To check the submitted password against a stored hash instead of a literal in the code,
use the lower-level authenticate_or_request_with_http_basic, which yields the submitted name
and password to a block so you can decide how to verify them.
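To make the "sent in plaintext" point concrete, here is an added example in plain Ruby (not code from the course notes or from Rails) that builds the Authorization header a browser sends after the popup, recovers the credentials from it the way an eavesdropper would, and performs the server-side check against a literal name and password with a constant-time comparison. The helper names basic_header, parse_basic, secure_compare and basic_auth_ok? are this example's own; Rails 4.2 and later ship ActiveSupport::SecurityUtils.secure_compare for the comparison step.

```ruby
require "base64"

# Added example (not from the course notes, not Rails code): what HTTP Basic
# auth puts on the wire, and the server-side check with a timing-safe compare.

# What the browser sends on every request after the popup:
#   Authorization: Basic base64("name:password")
# Base64 is an encoding, not encryption, so without HTTPS this is plaintext.
def basic_header(name, password)
  "Basic " + Base64.strict_encode64("#{name}:#{password}")
end

# What an eavesdropper (or the server) does with the header. Returns
# [name, password], or nil if the header is malformed. The password may itself
# contain ':', so split on the first colon only.
def parse_basic(header)
  return nil unless header.is_a?(String) && header.start_with?("Basic ")
  begin
    decoded = Base64.strict_decode64(header[6..-1])
  rescue ArgumentError
    return nil
  end
  name, sep, password = decoded.partition(":")
  return nil if sep.empty? || name.empty?
  [name, password]
end

# Compare without stopping at the first differing byte, so response timing
# does not reveal how much of a guess was right. Stand-alone equivalent
# (assumed name) of ActiveSupport::SecurityUtils.secure_compare.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The check http_basic_authenticate_with :name => ..., :password => ...
# performs on each request. '&' rather than '&&' so both comparisons always
# run, whatever the name looks like.
def basic_auth_ok?(header, expected_name, expected_password)
  creds = parse_basic(header)
  return false if creds.nil?
  secure_compare(creds[0], expected_name) & secure_compare(creds[1], expected_password)
end

if __FILE__ == $0
  header = basic_header("dnj", "password")
  puts header                 # Basic ZG5qOnBhc3N3b3Jk
  p parse_basic(header)       # ["dnj", "password"], recovered with no key at all
  p basic_auth_ok?(header, "dnj", "password")
  p basic_auth_ok?(header, "dnj", "letmein")
end
```

Run it and decode the printed header by hand with any base64 tool: the credentials from the popup fall out unchanged, which is all "plaintext" means here. HTTPS hides the header in transit but does nothing about the literal password in the controller; that is the part the next topic addresses.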
Topic 6: Secure Authentication
Rails has a built-in helper method for authentication, called has_secure_password. It hashes
user passwords with bcrypt before storing them (a salted, one-way hash, not reversible
encryption). For the API docs on has_secure_password, you can refer to
We’ll do an example to see how to use it:
rails generate model user email:string password_digest:string
Note that we need a "password_digest" column. This field stores the password hashes, never
the passwords themselves; has_secure_password assumes this column exists. has_secure_password:
● requires the "bcrypt-ruby" gem in the Gemfile (the gem has since been renamed to "bcrypt")
● adds a password= setter that hashes the entered password into password_digest, and an
authenticate method that checks a submitted password against that digest
● adds validators for the password and the password confirmation
Run the migration
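To show what the helper does behind the scenes, here is an added example in plain Ruby (not Rails' implementation and not from the course notes) of a User class that imitates has_secure_password: a password= setter that stores only a digest in password_digest, an authenticate method that returns the user or false, and the presence and confirmation validators. Rails digests with bcrypt; so that this runs without the bcrypt gem, the example uses PBKDF2-HMAC-SHA256 from Ruby's standard library as a stand-in, which is an assumption of this example and not what Rails does. The digest string format, the DIGEST_ITERATIONS constant and the verify? and secure_compare helpers are likewise the example's own.

```ruby
require "openssl"
require "securerandom"

# Added example (not from the course notes, not Rails' implementation): a
# plain-Ruby User that imitates what has_secure_password adds to a model.
# Rails digests with bcrypt; to run without the bcrypt gem this uses
# PBKDF2-HMAC-SHA256 from the standard library as a stand-in (an assumption of
# this example). Both are salted, deliberately slow, one-way hashes.
class User
  DIGEST_ITERATIONS = 20_000     # cost factor; raise it as hardware gets faster
  attr_accessor :email, :password_confirmation
  attr_reader :password, :password_digest, :errors

  def initialize(email)
    @email = email
    @errors = []
  end

  # The setter never keeps the password in the "database"; only the digest
  # goes into password_digest (the column the migration above creates).
  def password=(plain)
    @password = plain
    @password_digest = plain.nil? ? nil : self.class.digest(plain)
  end

  # The validators has_secure_password adds: password must be present, and
  # password_confirmation, when given, must match.
  def valid?
    @errors = []
    @errors << "password can't be blank" if @password.nil? || @password.empty?
    if !@password_confirmation.nil? && @password_confirmation != @password
      @errors << "password_confirmation doesn't match"
    end
    @errors.empty?
  end

  # Like user.authenticate("...") in Rails: the user on success, false otherwise.
  def authenticate(plain)
    return false if password_digest.nil? || plain.nil?
    self.class.verify?(plain, password_digest) ? self : false
  end

  # The digest string carries algorithm, cost and salt next to the hash, the
  # way a bcrypt string ("$2a$10$...") does, so verification needs nothing else.
  def self.digest(plain)
    salt = SecureRandom.hex(16)
    hash = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, DIGEST_ITERATIONS, 32,
                                      OpenSSL::Digest.new("SHA256"))
    "pbkdf2$#{DIGEST_ITERATIONS}$#{salt}$#{hash.unpack1('H*')}"
  end

  def self.verify?(plain, stored)
    _algo, iters, salt, hex = stored.split("$")
    hash = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iters.to_i, 32,
                                      OpenSSL::Digest.new("SHA256"))
    secure_compare(hash.unpack1("H*"), hex)
  end

  # Timing-safe equality, so a wrong guess takes as long as a near-miss.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  u = User.new("dnj@example.com")
  u.password = u.password_confirmation = "correct horse battery"
  puts u.valid?                        # true
  puts u.password_digest               # pbkdf2$20000$<salt>$<hash>; the password itself is not in it
  puts u.authenticate("correct horse battery") ? "login ok" : "login failed"
  puts u.authenticate("wrong") ? "login ok" : "login failed"
end
```

Two users who pick the same password get different digests because each gets a fresh random salt, so a stolen table cannot be cracked with one precomputed list, and the iteration count makes every guess cost the attacker as much as it costs you. The controller side in Rails is then just `User.find_by_email(params[:email])` followed by `user && user.authenticate(params[:password])`.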
This document was uploaded on 03/18/2014 for the course EECS 6.170 at MIT, Spring '13.