My Rails application passwords were travelling over the network as plain-text. Maybe the users wouldn't like it (I surely wouldn't), so I decided to use some kind of encryption. I have done my little research and found the ssl_requirement Rails plugin and installed it. But when I try to access a secured page, I can't establish a connection to the server. I thought this would be because my development webserver (webrick) wasn't supporting HTTPS/SSL. What I really want to have is a server-independent way of having HTTPS support (i.e. I don't want to have to reconfigure when I switch servers). For the time being, I am trying to edit my script/server to start a ssl-enabled webrick instead of the default one. But I can't get it done because of a failure with the openssl library. So now I am struggling with Rails and Webrick to get them speaking HTTPS. Seems like webrick supports it (at least it is advertised on theirpage), but when I try require 'webrick/https' I get the following error: LoadError: no such file to load -- openssl Seems like the openssl library should have been installed with Ruby, but it wasn't. This seems to be a known bug (I found a bug report on the rubyforge Ruby tracker). I have tried to manually install the ruby pki library (which includes openssl), but the download link on their page is broken for me. Any thoughts on this? Can I enable SSL support on webrick without all this script/server hackery? Also, are there any other options that would give me an acceptable security level without all this SSL stuff? Cheers, Thiago A.
on 2006-04-15 20:05