3

Just had a newbie question regarding http_basic_authenticate_with. If I'm placing in my controller something as simplistic as,

http_basic_authenticate_with :name => "user", :password => "secret"

how can I make sure that the password is secured? I just want to be able to place an app in production/publish it and have the entire app password protected in a secure manner.

Thanks for any advice.

2 Answers

5

I can suggest putting the password in the environment. For example, you can do the following (see http://www.cyberciti.biz/faq/set-environment-variable-linux/):

export APP_USER='secret_user'
export APP_PASSWORD='secret_password'

# then in the controller, read the same variable names that were exported
http_basic_authenticate_with :name => ENV['APP_USER'], :password => ENV['APP_PASSWORD']

0

Although the correct answer has been chosen, I'd like to add other options.

Scenario: Let's say you are creating a blog and want to have simple authentication. In your post_controller.rb you would add the following:

http_basic_authenticate_with name: ENV["BLOG_USERNAME"], password: ENV["BLOG_PASSWORD"], except: [:show]

In order to communicate with these variables 'securely', choose an option:

  1. Option 1

    • Create an application.yml file inside the config folder, where you would add your configuration (username and password), for example:

      BLOG_USERNAME: "admin"
      BLOG_PASSWORD: "12345"
      
    • Now, since application.yml includes sensitive information, we want Git to ignore that file. Therefore, add the following to the .gitignore file: /config/application.yml

    • Now we need to load these variables by adding the following line to the application.rb file:

      ENV.update YAML.load(File.read(File.expand_path('../application.yml', __FILE__)))
      
  2. Option 2: Use the Figaro gem

    • In your Gemfile add gem "figaro", run bundle install and also run figaro install.
      Figaro will create a config/application.yml file and add it to your .gitignore.
    • Now add your own configuration to this file, similar to step 1 above, and also follow step 3, and you're done!
      Check Figaro's documentation for more details.
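
An added example, not code from either answer: a loader for the config/application.yml approach in Option 1 that fails closed at boot instead of running with missing or sample credentials. The names load_app_config, basic_auth_credentials and PLACEHOLDER_SECRETS are hypothetical, and the sample file content is constructed.

```ruby
require 'yaml'
require 'tempfile'

# Sample values that appear on this page and must never reach production.
PLACEHOLDER_SECRETS = %w[secret secret_password 12345].freeze

# Merge config/application.yml-style settings into env (a Hash or ENV).
# safe_load refuses arbitrary object tags; values are coerced to String
# because ENV only accepts strings (an unquoted 12345 parses as Integer).
# Variables already set by the real environment win over the file.
def load_app_config(path, env)
  return env unless File.exist?(path)
  settings = YAML.safe_load(File.read(path)) || {}
  raise TypeError, "#{path} must contain a key/value mapping" unless settings.is_a?(Hash)
  settings.each { |key, value| env[key.to_s] = value.to_s unless env.key?(key.to_s) }
  env
end

# Return [name, password], raising at boot when a variable is unset,
# blank, or still one of the placeholder values.
def basic_auth_credentials(env, name_key: 'BLOG_USERNAME', password_key: 'BLOG_PASSWORD')
  name, password = [name_key, password_key].map do |key|
    value = env.fetch(key) { raise KeyError, "#{key} is not set" }
    raise ArgumentError, "#{key} is blank" if value.strip.empty?
    value
  end
  raise ArgumentError, "#{password_key} is a placeholder value" if PLACEHOLDER_SECRETS.include?(password)
  [name, password]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample file, standing in for config/application.yml.
  Tempfile.create(['application', '.yml']) do |file|
    file.write("BLOG_USERNAME: admin\nBLOG_PASSWORD: 12345\n")
    file.flush
    env = load_app_config(file.path, {})
    begin
      basic_auth_credentials(env)
    rescue ArgumentError => e
      puts "refusing to boot: #{e.message}"
    end
  end
end
```

In a Rails app the returned pair would be passed as name: and password: to http_basic_authenticate_with, with ENV given as the env argument.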
