Hi all,
How do folks generally secure their Rails web services? A password in a
config
file? A ‘webservice’ user in a ‘Users’ table with its own password?
LDAP
authentication for every method? Only authenticate on the “important”
methods?
Something else I’m not thinking of?
I’d like to be secure, yet practical, for the sake of current and future
developers.
What approach do Rails folks generally take?
Thanks,
Dan
Daniel B. wrote:
Hi all,
How do folks generally secure their Rails web services? A password in a
config
file? A ‘webservice’ user in a ‘Users’ table with its own password?
LDAP
authentication for every method? Only authenticate on the “important”
methods?
Something else I’m not thinking of?I’d like to be secure, yet practical, for the sake of current and future
developers.What approach do Rails folks generally take?
Thanks,
Dan
I would be interested in this as well. In our case, only pre-authorized
users can access our service, so they must transmit a pre-determined
identified with the request. If the id does not match a known id (in our
database) the call is rejected (using before_invocation)
Keith
On 4/11/06, Daniel B. [email protected] wrote:
What approach do Rails folks generally take?
You can utilize https protocol and pass user name and password with
every method. Or you can try to use wss4r. It depends on whichever
solution best fits your needs.
I use a simple method – I send up the username/password and use the
same authentication as the web app, every time. It’s not terribly
secured though, but my app is not a highly secured anyway. Just to
prevent a user to accidentally adding or erasing another user’s data.
I’m looking at WSS4R, looks promising just gotten it to work today.
Keith L. wrote:
Something else I’m not thinking of?
I would be interested in this as well. In our case, only pre-authorized
users can access our service, so they must transmit a pre-determined
identified with the request. If the id does not match a known id (in our
database) the call is rejected (using before_invocation)Keith
–
Sau S.
http://blog.saush.com
http://read.saush.com
http://jaccal.sourceforge.net
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs