Just had a newbie question regarding http_basic_authenticate_with. If I'm placing in my controller something simplistic as,
http_basic_authenticate_with :name => "user", :password => "secret"
how can I make sure that the password is secured. I just want to be able to place an app in production/publish it and have the entire app password protected in a secure manner.
Thanks for any advice.
我可以建议将密码放入环境中。例如你可以做http://www.cyberciti.biz/faq/set-environment-variable-linux/ export APP_USER='secret_user' export APP_PASSWORD='secret_password'
# then in controller
http_basic_authenticate_with :name => ENV['secret_user'], :password => ENV['secret_password']
虽然选择了正确的答案;我喜欢添加其他选项。
场景:假设您正在创建一个博客并希望进行简单的身份验证。在您的post_controller.rb中,您将添加以下内容:
http_basic_authenticate_with name: ENV["BLOG_USERNAME"],password: ENV["BLOG_PASSWORD"],except: [:show]
为了“安全”地与这些变量进行通信,请选择一个选项:
选项1
application.yml在文件夹内创建文件config;您将在其中添加配置(用户名和密码),例如:
BLOG_USERNAME: "admin"
BLOG_PASSWORD: "12345"
现在,由于application.yml包含敏感信息,我们希望 Git 忽略该文件。因此将以下内容添加到.gitignore文件中:/config/application.yml
现在我们需要通过在文件中添加以下行来加载这些变量application.rb:
ENV.update YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))
选项 2使用Figaro gem
Gemfile添加gem "figaro"、运行bundle install和运行中figaro install。config/application.yml文件并将其添加到您的.gitignore.