Recitation 4 notes


... photo ID to prove that you are this person with that name. On a website, you may enter a username and password. Don't confuse this with authorization! Authorization answers the question "what is this user allowed to access?"; authentication asks "who is this user?"

Topic 5: HTTP Basic Auth

If you want something cheap and don't need much security, you can use HTTP basic authentication. The following line at the top of a controller makes the browser show a popup asking for a username and password before the user can proceed to any page served by that controller:

    http_basic_authenticate_with :name => "dnj", :password => "password"

If you don't want this to apply to all actions within a controller, you can restrict it with extra parameters:

    http_basic_authenticate_with :name => "username", :password => "password", :except => [:index, :show]
    http_basic_authenticate_with :name => "username", :password => "password", :only => :destroy

Note that this option is insecure: the browser resends the username and password with every request, only Base64-encoded (not encrypted), so anyone who can observe the traffic over plain HTTP can read them, and the password itself is hard-coded in plaintext in the source. We could instead serve the site over HTTPS and store a password hash rather than the password itself.

Topic 6: Secure Authentication

Rails has a built-in helper method for authentication, called has_secure_password. It hashes user passwords with bcrypt before they are stored (a one-way hash, not reversible encryption), so the database never holds the plaintext. For the API docs on has_secure_password, see http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html. We'll do an example to see how to use it:

    rails generate model user email:string password_digest:string

Note that we need a "password_digest" column. This field stores the password hashes; has_secure_password assumes this field will exist.
has_secure_password
● must put "bcrypt-ruby" in Gemfile
● adds methods to set and authenticate the entered password
● adds validators to the password and password confirmation
● adds authentication functionality

Run the migration r...
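The following is an added example, not code from these notes or from Rails. It ties Topic 5 to Topic 6: it decodes the Authorization header that the basic-auth popup sends (showing that Base64 hides nothing), then checks the password against a stored digest on a User object instead of a literal in the controller, mimicking what has_secure_password provides (a password= setter, authenticate, and the presence, length and confirmation validators). Rails' has_secure_password hashes with bcrypt via the bcrypt-ruby gem; bcrypt is not in Ruby's standard library, so this example substitutes PBKDF2-HMAC-SHA256 from OpenSSL as a stand-in slow hash. The digest format, iteration count, the SecurePasswordLike module, the User class and authenticate_request are this example's own choices, not Rails'.

```ruby
require "base64"
require "openssl"
require "securerandom"

# Added example, not code from the notes or from Rails. PBKDF2 stands in for
# bcrypt, which Rails uses but which is not in Ruby's standard library.

# Compare without leaking, via timing, how many leading bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# --- Topic 5: what http_basic_authenticate_with receives ----------------
# The header is Base64 of "name:password": an encoding, not encryption.
def basic_auth_header(name, password)
  "Basic " + Base64.strict_encode64("#{name}:#{password}")
end

# Returns [name, password], or nil if the header is malformed. Only the
# first colon separates the fields, because a password may contain colons.
def decode_basic_auth(header)
  return nil unless header.is_a?(String)
  scheme, token = header.split(" ", 2)
  return nil unless scheme && token && scheme.casecmp("basic").zero?
  decoded = begin
    Base64.strict_decode64(token)
  rescue ArgumentError
    return nil
  end
  name, password = decoded.split(":", 2)
  password.nil? ? nil : [name, password]
end

# --- Topic 6: a has_secure_password look-alike (example's own module) ---
module SecurePasswordLike
  ITERATIONS = 100_000 # example's own choice, not a Rails value
  MAX_BYTES = 72       # Rails enforces this limit because bcrypt ignores bytes past 72

  attr_reader :password_digest
  attr_accessor :password_confirmation

  # password= hashes immediately; only the digest is kept for storage.
  def password=(plain)
    @password = plain
    @password_digest = (plain.nil? || plain.empty?) ? nil : make_digest(plain)
  end

  # The validators has_secure_password adds: presence, length, confirmation.
  def password_errors
    errs = []
    errs << "password can't be blank" if @password.nil? || @password.empty?
    errs << "password is too long" if @password && @password.bytesize > MAX_BYTES
    errs << "confirmation doesn't match" if password_confirmation && password_confirmation != @password
    errs
  end

  def valid?
    password_errors.empty?
  end

  # Like Rails: returns the record on success, false otherwise.
  def authenticate(plain)
    return false if password_digest.nil? || plain.nil?
    _, iter, salt, stored = password_digest.split("$", 4)
    secure_compare(stored, pbkdf2(plain, salt, iter.to_i)) ? self : false
  end

  private

  def make_digest(plain)
    salt = SecureRandom.hex(16) # fresh random salt per password
    "pbkdf2-sha256$#{ITERATIONS}$#{salt}$#{pbkdf2(plain, salt, ITERATIONS)}"
  end

  def pbkdf2(plain, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iterations, 32,
                               OpenSSL::Digest.new("sha256")).unpack1("H*")
  end
end

# Stand-in for the generated User model (email + password_digest columns).
class User
  include SecurePasswordLike
  attr_accessor :email
  def initialize(email:)
    @email = email
  end
end

# Dummy account with a random password: unknown names are hashed against it so
# a missing account is not distinguishable from a wrong password by timing.
DUMMY_USER = User.new(email: "nobody").tap { |u| u.password = SecureRandom.hex(16) }

# The controller-side check, with the digest looked up from the user
# instead of a password literal in the source. Returns the User or nil.
def authenticate_request(header, users_by_email)
  creds = decode_basic_auth(header)
  return nil unless creds
  name, password = creds
  user = users_by_email[name] || DUMMY_USER
  user.authenticate(password) == user && users_by_email.key?(name) ? user : nil
end
```

To try it: build a User, set password and password_confirmation, check valid?, then call authenticate_request with basic_auth_header(email, password) and a hash mapping email to the user. Notice that password_digest never contains the password, and that a wrong password, an unknown account and a malformed header all return nil from authenticate_request.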

This document was uploaded on 03/18/2014 for the course EECS 6.170 at MIT.
