Forum: Ruby on Rails [ANN] Secure Actions Plugin

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
7a660ccf8fa68a5d4b145bdc5f6fef0e?d=identicon&s=25 (Guest)
on 2007-01-29 05:01
(Received via mailing list)
Hi all,

This plugin lets you specify which actions *must* be run under ssl
(https). If a declared action is run without ssl, the user is redirect
to https. Also, once you declare an action to "require_ssl", any links
to that action are going to be https:// links.

Hopefully you all will find this useful.

153107d9ef8352ea7f787d2090d81666?d=identicon&s=25 (Guest)
on 2007-01-29 10:41
(Received via mailing list)
Looks good, thanks.  I'll give this a try.

Question:  How is this different from the ssl_requirement plugin from
DHH?  Is it based off it?  How have you improved/modified it?
7a660ccf8fa68a5d4b145bdc5f6fef0e?d=identicon&s=25 (Guest)
on 2007-01-29 17:58
(Received via mailing list)
Thanks Marson,

The one main thing that this plugin adds to DHH's ssl_requirement
plugin is the automatic https:// links to secure actions when using
link_to, etc.

The idea was really this: Redirecting a user to a secure version of
the site if that action is declared "secure" is an ok solution, but it
is really a failsace. If you are posting to an action with your login/
password and you post it to http://, then being redirected to https://
is kind of meaningless since your credentials were transmitted in the
clear once.

With this plugin, you can declare your secure actions in one place,
and are assured that any forms, links, etc to those actions are going
to be https://

Hope this helps

On Jan 29, 3:40 am, "" <>
This topic is locked and can not be replied to.