My Rails application passwords were travelling over the network as
plain-text. Maybe the users wouldn’t like it (I surely wouldn’t), so I
decided to use some kind of encryption.
I have done my little research and found the ssl_requirement Rails
plugin and installed it. But when I try to access a secured page, I
can’t establish a connection to the server. I thought this would be
because my development webserver (webrick) wasn’t supporting
HTTPS/SSL.
What I really want to have is a server-independent way of having HTTPS
support (i.e. I don’t want to have to reconfigure when I switch
servers). For the time being, I am trying to edit my script/server to
start a ssl-enabled webrick instead of the default one. But I can’t
get it done because of a failure with the openssl library.
So now I am struggling with Rails and Webrick to get them speaking
HTTPS. Seems like webrick supports it (at least it is advertised on
theirpage), but when I try
require ‘webrick/https’
I get the following error:
LoadError: no such file to load – openssl
Seems like the openssl library should have been installed with Ruby,
but it wasn’t. This seems to be a known bug (I found a bug report on
the rubyforge Ruby tracker). I have tried to manually install the ruby
pki library (which includes openssl), but the download link on their
page is broken for me.
Any thoughts on this? Can I enable SSL support on webrick without all
this script/server hackery? Also, are there any other options that
would give me an acceptable security level without all this SSL stuff?
Cheers,
Thiago A.