Ruby on Rails Authentication Cheatsheet
Revision as of 14:34, 28 February 2018 by ZaurMolotnikov (talk | contribs) (Created the cheat sheet)
Secure user authentication in Ruby on Rails is discussed here.
Implementing authentication in a typical Rails application is made easy and secure with the devise gem.
Install it by adding it to your Gemfile:
gem 'devise'
Then install it to the user model:
rails generate devise:install
Next, specify which resources (routes) require authenticated access in config/routes.rb:
Rails.application.routes.draw do
  authenticate :user do
    resources :something do # these resources require authentication
      # ...
    end
  end
  devise_for :users # sign-up/-in/out routes
  root to: 'static#home' # no authentication required
end
To make authentication secure, enforce higher password complexity and allow TLS connections only.
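One way to enforce the password complexity and TLS-only recommendations above, as an added example that is not part of the original cheat sheet. The PasswordPolicy module, its thresholds and the password_meets_policy method are hypothetical names and assumed values; the Rails wiring is shown as comments because it needs a Rails application to run.

```ruby
# Added example: a password policy check that a Devise-backed User model can call.
# MIN_LENGTH and the required character classes are assumed values, not OWASP's.
module PasswordPolicy
  MIN_LENGTH = 12
  CLASSES = {
    "a lowercase letter" => /[a-z]/,
    "an uppercase letter" => /[A-Z]/,
    "a digit" => /\d/,
    "a symbol" => /[^A-Za-z0-9]/
  }.freeze

  # Returns a list of problems; an empty list means the password passes.
  def self.problems(password, email: nil)
    pw = password.to_s
    out = []
    out << "is shorter than #{MIN_LENGTH} characters" if pw.length < MIN_LENGTH
    CLASSES.each { |label, re| out << "must contain #{label}" unless pw.match?(re) }
    # Reject passwords built around the account name (local part of the e-mail).
    local = email.to_s.split("@").first.to_s.downcase
    if local.length >= 3 && pw.downcase.include?(local)
      out << "must not contain the account name"
    end
    out
  end
end

# Wiring into the Devise model (app/models/user.rb):
#
#   class User < ApplicationRecord
#     devise :database_authenticatable, :registerable, :validatable
#     validate :password_meets_policy, if: -> { password.present? }
#
#     private
#
#     def password_meets_policy
#       PasswordPolicy.problems(password, email: email).each do |msg|
#         errors.add(:password, msg)
#       end
#     end
#   end
#
# TLS only (config/environments/production.rb):
#
#   config.force_ssl = true  # redirects HTTP to HTTPS, sends HSTS, marks cookies secure
```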