Protecting the Content of Public/ in a Rails App

Set content-disposition on public file types in Rails?

Rails/Rack never sees requests to your public folder; your front-end web server should handle these. Assuming you are using Apache, you could use this approach.

Failing that you can move the files out of the way and use either a rack middleware or a controller as mentioned to handle the request.
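The rack-middleware option mentioned above, sketched as an added example (not code from the original answer). The class name `PrivateFiles`, the `/files/` prefix and the `authorized:` callable are hypothetical names chosen for illustration; the files are assumed to live in a directory outside public/.

```ruby
# Added example: Rack middleware that serves files kept outside public/.
class PrivateFiles
  # root:       directory outside public/ that holds the files
  # prefix:     URL prefix to guard (hypothetical: /files/)
  # authorized: callable(env) -> truthy if the request may download
  def initialize(app, root:, prefix: '/files/', authorized: ->(_env) { false })
    @app = app
    @root = File.realpath(root)
    @prefix = prefix
    @authorized = authorized
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    return @app.call(env) unless path.start_with?(@prefix) # not ours
    return deny(401, 'Login required') unless @authorized.call(env)

    file = resolve(path.delete_prefix(@prefix))
    return deny(404, 'Not found') unless file

    # Keep only safe characters so the name cannot break out of the header.
    name = File.basename(file).gsub(/[^\w.\-]/, '_')
    headers = {
      'Content-Type' => 'application/octet-stream',
      'Content-Disposition' => %(attachment; filename="#{name}"),
      'Content-Length' => File.size(file).to_s
    }
    [200, headers, [File.binread(file)]]
  end

  private

  # Resolve the requested name under @root. Returns nil for a missing file
  # or for any path (../, absolute, symlink) that ends up outside @root.
  def resolve(relative)
    candidate = File.expand_path(relative, @root)
    return nil unless File.file?(candidate)

    real = File.realpath(candidate)
    real.start_with?(@root + File::SEPARATOR) ? real : nil
  end

  def deny(status, message)
    [status, { 'Content-Type' => 'text/plain' }, [message]]
  end
end
```

In a Rails app this would sit in the middleware stack after the session middleware, so that the `authorized` callable can read the session from `env`.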

Protecting Content with AuthLogic

Make sure you have these methods in your application_controller.rb:

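  # Memoized Authlogic session lookup; defined? also caches a nil result.
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  # The user record behind the current session, or nil if not logged in.
  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
  end

  # Filter: redirect to the login page unless a user is logged in.
  # store_location is not shown here and must be defined alongside these methods.
  def require_user
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to new_user_session_url
      return false
    end
  end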

Then in your controllers you can use a before filter to limit access to pages:

  # Inherit from ApplicationController so that require_user is available.
  class ExamplesController < ApplicationController
    before_filter :require_user, :only => :private

    def public
      # some public stuff
    end

    def private
      # some protected stuff
    end
  end

Password protecting Rails site running on Nginx and Phusion Passenger

You need to re-specify passenger_enabled in the location block.

What is the simplest way to protect communication between an iOS application and a Rails application?

HTTPS is a straightforward way to secure communication as it passes over the wire. Reusing a token for subsequent communication can be done with OAuth. You may want to take the approach that Facebook adopted in their iOS SDK. They put up their login page in a UIWebView (HTTPS) and return the OAuth token for subsequent calls.

EDIT: Since SSL seems to be "off the table" - why don't you just authenticate with Basic Authentication and have each call re-authenticate instead of using a token?


