Greg Hauptmann
2006-Sep-08 10:59 UTC
SSL for login pages - how do I configure this? (dreamhost)
Hi, Can anyone give me a headsup/pointer re how to enable some (or all?) of my pages to be SSL encrypted (e.g. login pages where password is being transfered)? Is this in the ruby application or part of the apache configuration? What doco should I brush up on? I''m on Dreamhost so I don''t think I have full access to apache. Tks -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Greg H
2006-Sep-09 10:35 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
bump (still interested re this item if anyone knows how to do this) On 9/8/06, Greg Hauptmann <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > Hi, > > Can anyone give me a headsup/pointer re how to enable some (or all?) of > my pages to be SSL encrypted (e.g. login pages where password is being > transfered)? Is this in the ruby application or part of the apache > configuration? What doco should I brush up on? > > I''m on Dreamhost so I don''t think I have full access to apache. > > Tks > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Greg Hauptmann
2006-Sep-13 20:50 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
bump (still interested re this item if anyone knows how to do this) On 9/9/06, Greg H <greg.hauptmann.ruby-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > bump (still interested re this item if anyone knows how to do this) > > On 9/8/06, Greg Hauptmann < rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote: > > > > > > Hi, > > > > Can anyone give me a headsup/pointer re how to enable some (or all?) of > > my pages to be SSL encrypted (e.g. login pages where password is being > > transfered)? Is this in the ruby application or part of the apache > > configuration? What doco should I brush up on? > > > > I''m on Dreamhost so I don''t think I have full access to apache. > > > > Tks > > > > -- > > Posted via http://www.ruby-forum.com/. > > > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Michael Chaney
2006-Sep-13 23:06 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
On Thu, Sep 14, 2006 at 06:50:54AM +1000, Greg Hauptmann wrote:> > > Can anyone give me a headsup/pointer re how to enable some (or all?) of > > > my pages to be SSL encrypted (e.g. login pages where password is being > > > transfered)? Is this in the ruby application or part of the apache > > > configuration? What doco should I brush up on? > > > > > > I''m on Dreamhost so I don''t think I have full access to apache.Well, I don''t know how you would deal with it there, so my instructions will be general. Making some of your pages ssl requires some setup on your web server in addition to some setup in your application. On the web server, just make an ssl site. You can then set up some methods in app/controllers/application.rb which you can then use as a before_filter in your controllers. The two methods you need are "ssl_required" and "ssl_prohibited". They look something like this: def ssl_required unless @request.ssl? redirect_to "https://#{@request.host}/#{@request.request_uri}" end end def ssl_prohibited if @request.ssl? redirect_to "http://#{@request.host}/#{@request.request_uri}" end end (this is untested, you might need to fix it. If so, please followup this post with the fix for future searching) You can then put: before_filter :ssl_required, :only => [:cart, :checkout] to force some items to ssl. You then use the opposite: before_filter: ssl_prohibited for controllers or actions that shouldn''t be ssl. If you have access to web server config, you can also force ssl or non-ssl on certain paths using "redirectmatch". Doing it in your app gives you a little more flexibility and keeps it all in one place. Michael -- Michael Darrin Chaney mdchaney-c1nKWHh82D8TjS1aD1bK6AC/G2K4zDHf@public.gmane.org http://www.michaelchaney.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Greg Hauptmann
2006-Sep-14 07:29 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
excellent - thanks for these pointers Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Greg Hauptmann
2006-Oct-21 21:37 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
it sounds like at dreamhost I have to pay more $$ to get SSL for my app per this link<http://wiki.dreamhost.com/index.php/KB_/_Account_Control_Panel_/_Goodies_::_Secure_Server>. That is extra for: (a) purchase a unique ip add-on ($3.95/month) (b) purchase a secure certificate on their own from a party Does this sound normal/reasonable? Is there another way to get SSL happening for my application on dreamhost? Tks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Brad Ediger
2006-Oct-21 21:59 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
On Oct 21, 2006, at 4:37 PM, Greg Hauptmann wrote:> it sounds like at dreamhost I have to pay more $$ to get SSL for my > app per this link. > > That is extra for: > (a) purchase a unique ip add-on ($3.95/month) > (b) purchase a secure certificate on their own from a party > > Does this sound normal/reasonable? Is there another way to get SSL > happening for my application on dreamhost? >Sounds very reasonable for a shared host. You will always need a certificate (Go Daddy has them for very cheap) and a static IP address for SSL. Even if you were on a dedicated server, you''d have to allocate a unique IP address and buy a certificate. Brad --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---
Greg Hauptmann
2006-Oct-21 22:04 UTC
Re: SSL for login pages - how do I configure this? (dreamhost)
ok - thanks Brad --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---