How Secure is your Rails App?
What do you prefer in terms of Authentication?
Plugin – Restful Authentication (recommended) – easy to use and you can tweak it according to your requirements.
http://railscasts.com/episodes/67 http://svn.techno-weenie.net/projects/plugins/restful_authentication/
Build your own authentication. You should rarely need to do this … Restful Authentication is quite flexible.
http://www.aidanf.net/rails_user_authentication_tutorial
OpenID – a universal authentication system that avoids having to use a separate username and password on every site on the Internet. OpenID is becoming quite popular nowadays.
http://media.railscasts.com/videos/068_openid_authentication.mov http://agilewebdevelopment.com/plugins/openidauthentication
Access Control: to easily provide different privileges to your users. There are a lot of cool plugins available for access control.
https://opensvn.csie.org/traccgi/tobionrails
http://code.google.com/p/rolerequirement/
http://agilewebdevelopment.com/plugins/activeacl_rails_authorization_system
Centralized Authentication Server – used to implement a single login/password for your users across multiple applications. It can also be used for a single sign-on system. For example, Gmail and Google Reader share a single sign-on.
http://agilewebdevelopment.com/plugins/cas_authentication_filter
Use the Google Authentication API to let your users log in using their Google username and password.
http://rubyforge.org/projects/asgoogleaccount/
More Plugins:
Rails inbuilt Authentication – http://ryandaigle.com/articles/2006/12/4/whats-new-in…
Acts_as_authenticated – http://technoweenie.stikipad.com/plugins/show/User+Authentication
Super Simple Authentication – http://ariejan.net/2007/08/24/super-simple-…
How secure is your Model?
SQL Injection
The problem arises when user-supplied input containing SQL metacharacters (such as a single quote) is pasted directly into the queries you send to the database. Rails has very good support for avoiding SQL injection, provided you follow its conventions when issuing queries: pass values through placeholders in the :conditions array rather than interpolating them into the SQL string.
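An added example (not from the original post) contrasting the two query styles. ActiveRecord's convention is :conditions => ["login = ?", params[:login]]; the quoting routine below is a stand-in written for this example, not ActiveRecord's own code, and it needs no database to run.

```ruby
# Added example: how the "?" placeholder convention escapes SQL
# metacharacters, versus string interpolation, which does not.
# quote_value follows the standard SQL rule of doubling single quotes.

# Quote one Ruby value as an SQL literal.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Mimic the conventional Rails form:
#   User.find(:all, :conditions => ["login = ?", params[:login]])
# Each "?" is replaced by the quoted value, never by raw text.
def sanitize_conditions(template, *values)
  raise ArgumentError, "placeholder count mismatch" unless template.count("?") == values.size
  i = -1
  template.gsub("?") { quote_value(values[i += 1]) }
end

# The unsafe form: the value is pasted into the SQL as-is, so any
# quote inside it becomes part of the query's grammar.
def interpolated_conditions(login)
  "login = '#{login}'"
end

# Parse a clause of the form "login = '<literal>'" and return the value
# the database would actually compare against, or nil when text is left
# over after the literal (the clause is malformed or has changed shape).
def parsed_login(sql)
  m = /\Alogin = '((?:[^']|'')*)'(.*)\z/m.match(sql)
  return nil if m.nil? || !m[2].empty?
  m[1].gsub("''", "'")
end

if __FILE__ == $0
  login = "O'Reilly"   # constructed input containing a quote metacharacter
  puts interpolated_conditions(login)           # login = 'O'Reilly'  (quote ends the literal early)
  puts sanitize_conditions("login = ?", login)  # login = 'O''Reilly' (escaped, one intact literal)
end
```

The same input round-trips through the placeholder form to exactly the value the user typed, while the interpolated form produces a clause whose meaning no longer matches the developer's intent.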