SSL for login pages - how do I configure this? (dreamhost)

Hi,

Can anyone give me a heads-up/pointer re how to enable some (or all?) of
my pages to be SSL encrypted (e.g. login pages where password is being
transferred)? Is this in the ruby application or part of the apache
configuration? What doco should I brush up on?

I’m on Dreamhost so I don’t think I have full access to apache.

Tks

bump (still interested re this item if anyone knows how to do this)


On Thu, Sep 14, 2006 at 06:50:54AM +1000, Greg H. wrote:

> Can anyone give me a heads-up/pointer re how to enable some (or all?) of
> my pages to be SSL encrypted (e.g. login pages where password is being
> transferred)? Is this in the ruby application or part of the apache
> configuration? What doco should I brush up on?
>
> I’m on Dreamhost so I don’t think I have full access to apache.

Well, I don’t know how you would deal with it there, so my instructions
will be general.

Making some of your pages ssl requires some setup on your web server in
addition to some setup in your application.

On the web server, just make an ssl site.

You can then set up some methods in app/controllers/application.rb which
you can then use as a before_filter in your controllers. The two methods
you need are “ssl_required” and “ssl_prohibited”. They look something like
this:

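# Redirect plain-HTTP requests to the same URL over HTTPS.
def ssl_required
  unless @request.ssl?
    # request_uri already begins with "/", so no extra slash after the host
    redirect_to "https://#{@request.host}#{@request.request_uri}"
  end
end

# Redirect HTTPS requests back to the same URL over plain HTTP.
def ssl_prohibited
  if @request.ssl?
    redirect_to "http://#{@request.host}#{@request.request_uri}"
  end
end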

(this is untested, you might need to fix it. If so, please followup
this post with the fix for future searching)

You can then put:

before_filter :ssl_required, :only => [:cart, :checkout]

to force some items to ssl. You then use the opposite:

before_filter :ssl_prohibited

for controllers or actions that shouldn’t be ssl.

If you have access to web server config, you can also force ssl or
non-ssl on certain paths using “redirectmatch”. Doing it in your app
gives you a little more flexibility and keeps it all in one place.

Michael

Michael Darrin Chaney
http://www.michaelchaney.com/
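
The `ssl_required` redirect from the post above, as an added example that is not part of the original thread: plain Ruby (no Rails) that makes the same decision but only redirects to an allow-listed host name and refuses non-GET requests, because a password posted over plain HTTP has already crossed the network unencrypted by the time a filter runs. The function name, its return shape and the host names are assumptions made for this illustration.

```ruby
# Added example: plain Ruby, no Rails needed. Host names are constructed.
ALLOWED_HOSTS = %w[www.example.com example.com].freeze

# Decide what an ssl_required-style filter should do with one request.
# Returns [:pass], [:redirect, url] or [:reject, reason].
def ssl_required_decision(ssl:, method:, host:, request_uri:, allowed_hosts: ALLOWED_HOSTS)
  return [:pass] if ssl

  # The Host header is client-supplied; only redirect to names we serve.
  name = host.to_s.downcase.sub(/:\d+\z/, "")
  return [:reject, "unexpected host"] unless allowed_hosts.include?(name)

  # A redirect cannot protect a body that was already sent in clear text,
  # and most clients follow it with a GET. Fail loudly so the form gets
  # fixed to post to https:// directly.
  unless %w[GET HEAD].include?(method.to_s.upcase)
    return [:reject, "non-GET request over plain HTTP"]
  end

  # request_uri already starts with "/"; refuse anything else, and refuse
  # control characters so nothing odd lands in the Location header.
  uri = request_uri.to_s
  unless uri.start_with?("/") && uri !~ /[[:cntrl:]]/
    return [:reject, "malformed request URI"]
  end

  [:redirect, "https://#{name}#{uri}"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  [
    { ssl: true,  method: "POST", host: "www.example.com",  request_uri: "/login" },
    { ssl: false, method: "GET",  host: "www.example.com",  request_uri: "/login" },
    { ssl: false, method: "POST", host: "www.example.com",  request_uri: "/login" },
    { ssl: false, method: "GET",  host: "other.invalid",    request_uri: "/login" }
  ].each { |req| puts "#{req.inspect} => #{ssl_required_decision(**req).inspect}" }
end
```

In a controller, the three outcomes would map to continuing the request, calling redirect_to with the returned URL, and rendering an error status.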

excellent - thanks for these pointers Michael

it sounds like at dreamhost I have to pay more $$ to get SSL for my app
per this link
(http://wiki.dreamhost.com/index.php/KB_/_Account_Control_Panel_/_Goodies_::_Secure_Server).

That is extra for:
(a) purchase a unique ip add-on ($3.95/month)
(b) purchase a secure certificate on their own from a party

Does this sound normal/reasonable? Is there another way to get SSL
happening for my application on dreamhost?

Tks

On Oct 21, 2006, at 4:37 PM, Greg H. wrote:

> it sounds like at dreamhost I have to pay more $$ to get SSL for my
> app per this link.
>
> That is extra for:
> (a) purchase a unique ip add-on ($3.95/month)
> (b) purchase a secure certificate on their own from a party
>
> Does this sound normal/reasonable? Is there another way to get SSL
> happening for my application on dreamhost?

Sounds very reasonable for a shared host. You will always need a
certificate (Go Daddy has them for very cheap) and a static IP
address for SSL. Even if you were on a dedicated server, you’d have
to allocate a unique IP address and buy a certificate.

Brad

ok - thanks Brad