Hi I have where users can enter title and description that gets stored in the database. since this will not give information on who has entered what... I was thinking of haveing a filed say created_by to which I can insert the current logged in windows user_id. But I dont see a way of getting the current logged in user id. Can you please throw some light on this ? offcouse ENV[''USER''] would give the id, but this will be the id on which the server is running on it. But the user can access the application from any browser rrunning on any machine. Thanks Prasanna -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 7 Mar 2008, at 12:14, Prasanna kumar Nagasamudram wrote:> > Hi > > I have where users can enter title and description that gets stored in > the database. > since this will not give information on who has entered what... > I was thinking of haveing a filed say created_by to which I can insert > the current logged in windows user_id.If you mean that you want to be able to use active directory authentication then there''s some stuff out there on how to proceed: http://www.zorched.net/2007/06/04/active-directory-authentication-for-ruby-on-rails/ If you mean how you you would get some random person''s on the internet''s windows login name then that is quite obviously not going to happen (and wouldn''t be very useful since anyone can set that to be whatever they want to be, or not even be running windows at all). Fred> > > But I dont see a way of getting the current logged in user id. > > Can you please throw some light on this ? > > offcouse ENV[''USER''] would give the id, but this will be the id on > which > the server is running on it. > > But the user can access the application from any browser rrunning on > any > machine. > > > Thanks > Prasanna > -- > Posted via http://www.ruby-forum.com/. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Prasanna kumar Nagasamudram
2008-Mar-10 11:20 UTC
Re: Gettting the current windows user id.
Frederick Cheung wrote:> On 7 Mar 2008, at 12:14, Prasanna kumar Nagasamudram wrote: > >> >> Hi >> >> I have where users can enter title and description that gets stored in >> the database. >> since this will not give information on who has entered what... >> I was thinking of haveing a filed say created_by to which I can insert >> the current logged in windows user_id. > > If you mean that you want to be able to use active directory > authentication then there''s some stuff out there on how to proceed: > http://www.zorched.net/2007/06/04/active-directory-authentication-for-ruby-on-rails/ > > If you mean how you you would get some random person''s on the > internet''s windows login name then that is quite obviously not going > to happen (and wouldn''t be very useful since anyone can set that to be > whatever they want to be, or not even be running windows at all). > > FredHi Fred I just need the current loggied in user .... I dont want to thow any dialog box. Say fro example i need to call create. I will call it as create?userid=abcd I just need to know where to get that abcd from ? Thanks Prasanna -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
If you''re talking about getting the username of the user account on the client machine, your only hope of getting that would be though client-side scripting. I don''t believe, and sure hope, that this is not possible using JavaScript. I would see this as a major security violation. JavaScript should be "sand-boxed" to only allow access to information within the browser or cookies for the current site. That being said, if you don''t mind limiting yourself to using Internet Explorer, I''m guessing you could break free from this security policy by using an ActiveX control, which we all know is dangerously insecure. Of course, doing so would limit your users to Microsoft Windows and Internet Explorer. Users of Firefox, or any other platform, would properly protect themselves from this security violation. On Mar 10, 7:20 am, Prasanna kumar Nagasamudram <rails-mailing- l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Frederick Cheung wrote: > > On 7 Mar 2008, at 12:14, Prasanna kumar Nagasamudram wrote: > > >> Hi > > >> I have where users can enter title and description that gets stored in > >> the database. > >> since this will not give information on who has entered what... > >> I was thinking of haveing a filed say created_by to which I can insert > >> the current logged in windows user_id. > > > If you mean that you want to be able to use active directory > > authentication then there''s some stuff out there on how to proceed: > >http://www.zorched.net/2007/06/04/active-directory-authentication-for... > > > If you mean how you you would get some random person''s on the > > internet''s windows login name then that is quite obviously not going > > to happen (and wouldn''t be very useful since anyone can set that to be > > whatever they want to be, or not even be running windows at all). > > > Fred > > Hi Fred > > I just need the current loggied in user .... I dont want to thow any > dialog box. > > Say fro example i need to call create. I will call it as > create?userid=abcd > > I just need to know where to get that abcd from ? > > Thanks > > Prasanna > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Prasanna kumar Nagasamudram
2008-Mar-10 12:25 UTC
Re: Gettting the current windows user id.
Robert Walker wrote:> If you''re talking about getting the username of the user account on > the client machine, your only hope of getting that would be though > client-side scripting. I don''t believe, and sure hope, that this is > not possible using JavaScript. I would see this as a major security > violation. JavaScript should be "sand-boxed" to only allow access to > information within the browser or cookies for the current site. > > That being said, if you don''t mind limiting yourself to using Internet > Explorer, I''m guessing you could break free from this security policy > by using an ActiveX control, which we all know is dangerously > insecure. Of course, doing so would limit your users to Microsoft > Windows and Internet Explorer. Users of Firefox, or any other > platform, would properly protect themselves from this security > violation. > > On Mar 10, 7:20?am, Prasanna kumar Nagasamudram <rails-mailing-Any thoughts on this approach. I will have two fields Title and Description and I want to have a third field called create_by for which i dont want the user to enter, but should get automatically populated. Please let me know if you can think of an alternative approach than reading the user from the javascript(activex). Thanks Prasanna -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
You could implement an actual app login. If you use something like restful authentication it gives you a current_user method. On Mar 10, 8:25 am, Prasanna kumar Nagasamudram <rails-mailing- l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Robert Walker wrote: > > If you''re talking about getting the username of the user account on > > the client machine, your only hope of getting that would be though > > client-side scripting. I don''t believe, and sure hope, that this is > > not possible using JavaScript. I would see this as a major security > > violation. JavaScript should be "sand-boxed" to only allow access to > > information within the browser or cookies for the current site. > > > That being said, if you don''t mind limiting yourself to using Internet > > Explorer, I''m guessing you could break free from this security policy > > by using an ActiveX control, which we all know is dangerously > > insecure. Of course, doing so would limit your users to Microsoft > > Windows and Internet Explorer. Users of Firefox, or any other > > platform, would properly protect themselves from this security > > violation. > > > On Mar 10, 7:20?am, Prasanna kumar Nagasamudram <rails-mailing- > > Any thoughts on this approach. > > I will have two fields > Title and Description and I want to have a third field called create_by > for which i dont want the user to enter, but should get automatically > populated. > > Please let me know if you can think of an alternative approach than > reading the user from the javascript(activex). > > Thanks > Prasanna > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Prasanna kumar Nagasamudram
2008-Mar-11 04:52 UTC
Re: Gettting the current windows user id.
Robert Walker wrote:> You could implement an actual app login. If you use something like > restful authentication it gives you a current_user method. > > On Mar 10, 8:25?am, Prasanna kumar Nagasamudram <rails-mailing-The only reason i thought about the other approache was to eniminate the resigration screen. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> The only reason i thought about the other approache was to eniminate the > resigration screen.I kinda figured that was the case. Well don''t. It''s part of life on the web. I''m suggestion is to just deal with it like the rest of us have to. Security is important and until somebody comes up with a better scheme than we have now web app users will have to deal with it too. That being said there are a number of great alternatives developing that are actually more secure and a lot more convenient for your users. The primary one being OpenID (http://openid.net). If you are unfamiliar with it, check it out. I now cringe whenever I see a web site that does not implement an OpenID login. And it''s now pretty easy to do in Rails so there''s just no longer any excuse not to do it. In the mean time I use a wonderful tool called 1password (http:// 1passwd.com). This allow me to create random strong passwords for all my various internet login forms and never have to worry about remembering them. All I need to remember is my one master password.. "One Password to rule them all, One Password to find them, One Password to bring them all and in the darkness bind them." On Mar 11, 12:52 am, Prasanna kumar Nagasamudram <rails-mailing- l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Robert Walker wrote: > > You could implement an actual app login. If you use something like > > restful authentication it gives you a current_user method. > > > On Mar 10, 8:25?am, Prasanna kumar Nagasamudram <rails-mailing- > > The only reason i thought about the other approache was to eniminate the > resigration screen. > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---