similar to: Rails AWS authentication????

Hiall, I would be very interested in your opinions on the ModelSecurity plugin by Bruce Perens. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Some time ago, I read on a few pages that it is the way to go, on this list however, I didn''t read much about it. Apart from it''s security level, quoted from comments in source code: # FIX: At the moment we only support

Hi, I''m looking to create an online internet community for managing user profiles and other data. Thus, I would need that has the following features: o authentication - protect individual member pages/directories o session management o retrieve and reset passwords In short, I''m looking to create an online community. Thus, can someone direct me to a plugin(s) for

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,

I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id

Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a

I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_security_generator'' Local gem

Does anyone know a way to restrict access to specific columns in the model to specific users? My plan was to use the session hash to check the permissions of the logged in user in an overridden method of the same name as the model accessor I wanted to restrict, but the model can''t acecss the session. Any other ideas? -- Posted via http://www.ruby-forum.com/.

Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group

Hi, Does anyone know how I can go about securing web services created from ActionWebService? The manual from rubyonrails.org (http://manuals.rubyonrails.com/read/book/10) doesn''t say anything at all on this ... or do I have to implement my own access control? -- Sau Sheong http://www.saush.com http://read.saush.com http://jaccal.sourceforge.net -------------- next part

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

Modelsecurity aims to provide access control within the data model so that it becomes easy & efficient to specify read or write access to individual fields. It has one of those "why didn''t I think of that?" designs which make a lot of sense. Has anyone else tried using the latest release of ModelSecurity? What has been your experience? Home

How to carry out log in, whether that is we enter a login and the password and it is checked is in a database? -- Posted via http://www.ruby-forum.com/.

I recently tried to submit a package to CRAN using the release function in the devtools package and got the response: > The policies asked you to use the webform: do so in future. I think that the relevant line in the policies are: > When submitting a package to CRAN you should use the submission form at > http://CRAN.R-project.org/submit.html (and not send an email). You will be sent

Hi all, How do folks generally secure their Rails web services? A password in a config file? A ''webservice'' user in a ''Users'' table with its own password? LDAP authentication for every method? Only authenticate on the "important" methods? Something else I''m not thinking of? I''d like to be secure, yet practical, for the sake

Hey guys, I''m trying to have a simple webform in my administration section to add a user. I have the text_fields for adding the user''s name, password, and password confirmation, but cannot seem to figure out the checkbox. I want it to be a single checkbox, that if clicked, will set the database column "access" to be "admin" and if its unchecked, set it to be

What''s a good solution for fixing character encoding problems for compatibility between ascii and utf-8? The database is postgres and is encoded in utf-8. Once in awhile there will be a compatibility error from strings from a webform. Is there a command to fix this besides using a_string.force_encoding(''utf-8'')? Even this doesn''t seem to always work either.

I''m trying to run some non-ruby code in my rails app and i''m not sure how to do this. The code i have would take a really long time to port to ruby and so i''d rather run it as is (its php). What i would like to have happen is that the code can be invoked as an ajax call. And just return some data in JSON. I keep running into a routing failure by actioncontroller and

I created a subversion repository on my new vps and i''m trying to setup my rails app there. However i keep getting this error: subversion/libsvn_subr/io.c:2516: (apr_err=13) svn: Can''t create directory ''/home/svnadmin/rapleaf/db/transactions/0-1.txn'': Permission denied How do i fix this? I know others have had this before, so i would appreciate some help.

It used to be the case that when I submitted a package and it gave notes or warnings in the CRAN checks, I was required to bump the package version before re-submission. I hope this is no longer the case.? I recently submitted a package that gave one fairly trivial NOTE, fixed that, and would like to re-submit. -Michael -- Michael Friendly Email: friendly AT yorku DOT ca Professor,