-1

I want to create a Rails app where users can create their blog in a subdomain like: user1blog.myapp.com, user2blog.myapp.com, etc.

I want to allow users to add HTML and JavaScript (sometimes they need to add popups to their blog, or tracking code...)

I see a lot of websites which allow users to add scripts and HTML without any restriction, but how can I do that too without affecting the security of my Rails app?

1 Answer

0

There are multiple facets to this question:

Dynamic Subdomains:

Other questions address this:

Rails 4 Dynamic Subdomains

Ruby on Rails route for wildcard subdomains to a controller/action

Short answer: there are many ways, and it depends on your use case.

User submitted html, js

There are many solutions here as well.

I suggest searching for "CMS" (Content Management System).

There are solutions like refinery, Comfy Mexican Sofa, and others. Again, it depends significantly on your use case.

Security of my Rails app

If you are allowing user-submitted HTML and JS, I would say that you are implicitly compromising the security of your site. Your Rails app itself might be securable, but that's a major thread of conversation about XSS, auth[z/n], and other items. Again, highly dependent on your use cases.


6 Comments

I know about subdomains, but I don't think they resolve the security issue! Each time you say it depends on my use case! I think my use case is very simple: find any type of solution to be secure and at the same time allow users to save JavaScript & HTML code. How do sites like Blogger and Tumblr do it?
The problem is "the security issue" isn't identified in your question. What issue(s) are you worried about? For example, as a trivial case (that isn't good) - why can't you allow a form that allows arbitrary upload of files, with a text field for "subdomain"?
I don't specify an exact issue because I don't know about all the possibilities of attacks, but the main thing is preventing a user from getting access to another user's account. Also, I will have an admin area in my main domain which I don't want other users to get access to...
Also, there is a monthly subscription, and I want the system to be secure enough! I am open to all kinds of ideas and suggestions...
In the meta section of this site (stackoverflow.com/help/dont-ask): "Your questions should be reasonably scoped. If you can imagine an entire book that answers your question, you’re asking too much." This comes close to that domain. I would suggest that you show what you've tried, what you expect, and how your current efforts/tech is insufficient in a specific manner, rather than a broad question such as this.
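
Added example, not part of the question, answer or comments above: a Ruby model of browser cookie scoping (RFC 6265 domain matching) for the hosts named in the question, showing which hosts receive a main-domain session cookie when user blogs on subdomains can run their own JavaScript. The cookie name and attribute values are constructed for illustration.

```ruby
# Added example: models which hosts receive a session cookie set by myapp.com.
# Host names come from the question; cookie name and attributes are constructed.

# RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
# identical, or when the host ends with "." followed by the cookie domain.
def domain_match?(host, cookie_domain)
  host = host.downcase
  cookie_domain = cookie_domain.downcase.sub(/\A\./, "")
  host == cookie_domain || host.end_with?(".#{cookie_domain}")
end

# Without a Domain attribute a cookie is host-only: it is sent only to the exact
# host that set it. With a Domain attribute it is sent to that domain and to
# every subdomain below it.
def sent_to?(cookie, request_host)
  if cookie[:domain].nil?
    request_host.downcase == cookie[:set_by].downcase
  else
    domain_match?(request_host, cookie[:domain])
  end
end

# Script on a page can read a cookie only if the browser would send the cookie
# to that host and the cookie is not marked HttpOnly.
def readable_by_script_on?(cookie, page_host)
  sent_to?(cookie, page_host) && !cookie[:http_only]
end

HOSTS = %w[myapp.com user1blog.myapp.com user2blog.myapp.com].freeze

# Summarise, per host, whether the cookie is sent and whether page script sees it.
def exposure(cookie)
  HOSTS.to_h do |h|
    [h, { sent: sent_to?(cookie, h), script_readable: readable_by_script_on?(cookie, h) }]
  end
end

# Weak: Domain=myapp.com (what Rails' `domain: :all` session option produces), no HttpOnly.
WIDE = { name: "_myapp_session", set_by: "myapp.com", domain: "myapp.com", http_only: false }.freeze
# Hardened: host-only (no Domain attribute) and HttpOnly.
HOST_ONLY = { name: "_myapp_session", set_by: "myapp.com", domain: nil, http_only: true }.freeze

if __FILE__ == $PROGRAM_NAME
  { "wide" => WIDE, "host-only" => HOST_ONLY }.each do |label, cookie|
    exposure(cookie).each { |host, r| puts format("%-10s %-22s %s", label, host, r) }
  end
end
```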