similar to: ModelSecurity for Rails by Bruce Perens

Hiall, I would be very interested in your opinions on the ModelSecurity plugin by Bruce Perens. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Some time ago, I read on a few pages that it is the way to go, on this list however, I didn''t read much about it. Apart from it''s security level, quoted from comments in source code: # FIX: At the moment we only support

Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a

Protest the Microsoft-Novell Patent Agreement self explanatory http://techp.org/petition/show/1 Craig

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_security_generator'' Local gem

I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,

I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id

I''m impressed by the latest release of wxRuby2! Thanks to all the developers who worked on making this possible. It''s great to have wxWidgets working with Ruby - and the new sample programs are a tremendous help. There is a 700+ page book on wxWidgets - Cross-Platform GUI Programming with

Does anyone know a way to restrict access to specific columns in the model to specific users? My plan was to use the session hash to check the permissions of the logged in user in an overridden method of the same name as the model accessor I wanted to restrict, but the model can''t acecss the session. Any other ideas? -- Posted via http://www.ruby-forum.com/.

Hi, I''m looking to create an online internet community for managing user profiles and other data. Thus, I would need that has the following features: o authentication - protect individual member pages/directories o session management o retrieve and reset passwords In short, I''m looking to create an online community. Thus, can someone direct me to a plugin(s) for

Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group

Is there a special code you have to place in the routes so filtering results through the URL works? For example, Ruby Forum does it with: http://www.ruby-forum.com/topic/new?forum_id=3 http://www.ruby-forum.com/topic/new?forum_id=5 http://www.ruby-forum.com/topic/new?forum_id=7 etc. Any ideas? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You

> I don't think it's an endpoint issue. I think the SIP packet headers get > over-written by the tunnel (openvpn) protocol. I'd be rather astonished if OpenVPN itself were responsible for this. As far as I know, OpenVPN doesn't do higher-level-protocol rewriting of any sort. It just provides the "bit pipe" through the tunnel. I'd suggest several other

Hi there, This is my first post :) I''ve read Agile and Rails Recipes book. Now i''m learning on making a good authentication system and as i read this maillist archive, i''m interested to have a demo source code (any .sit or .zip .tgz .bz2 would be fine, i''m using tiger 10.4.5) for Security Model by Bruce Perens or any other demos (like a part of

Hi List, I didn''t like the way store_location worked in rails. It doesn''t know you''ve pushed the "back" button, and it always returns to the top of a page. On a large page, the part you were looking at would no longer be on the screen. People try to deal with this using an AJAX hack, but it seems to me that the proper way to fix it is to store the return

Is it possible with acts_as_ferret to somehow restrict the results that are returned? For instance, I don''t want to return results that are logically deleted with acts_as_paranoid (deleted_at IS NOT NULL and deleted_at < now()). Also, if a user is not an Admin, they should not be able to return results that have a certain value in a certain column, like forum_id != 13 (if 13 is

(Seems to me that Icecast folks would be particularly concerned about this. Please consider the following, lend your signatures, and also *send it on* to appropriate interested parties. If you are a blogger or know clueful bloggers, please try to have it posted in a highly visible forum. -- Seth Johnson) Hello folks, Please review the important joint statement below, related to the WIPO

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

I want to setup an api for my web app, but i had a few question on the best way to do this. I was hoping for some input from you experienced individuals and rails rock stars. 1) Is there a way to implement a login in feature so that api methods cant be called without proper authorization? This is so i can log activity and use of the api from different people and so -------------- next part

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! I'm trying to connect to ekiga.net through a client connected to my Asterisk server. For it I am being based on this [1] document. Next I put the configurations that I am using. /etc/asterisk/sip.conf: ; Outgoing to ekiga.net [ekiga] type=friend username=MyUser secret=MyPass host=ekiga.net canreinvite=no qualify=300 nat = yes stunaddr =