Authentication and registration plug-in?

chirag · June 5, 2007, 4:43pm

I’m designing a HIPAA compliant Rails site and need a plug-in to do
the following

Auto-Expiry: Each user is assigned a unique password; system has

password expiration enabled with expiration time configurable by
system administrator.

salted password

Secure Connection: Usage of HTTPS and SSL

e-mail registration

I’ve seen the list of authentication plugins (http://
wiki.rubyonrails.org/rails/pages/Authentication) but wanted to get
some feedback from someone who has implemented as many of the above
features as possible. Any advice on picking and implementing one of
these plug-ins?

Thanks!
Chirag

chirag · June 7, 2007, 6:44am

I’ve used restful_authentication and it does everything except the
auto-expiry, which should be straightforward to add. You’ll need to
add the SSL setup, which is easy with the ssl_requirement plugin.

Do you have any pointers to good summaries of what is required to make
a Rails site HIPAA compliant?

Michael
www.mslater.com