Test Your Knowledge

Quiz

  1. Where is user and password information stored?

  2. Where do you need to include AuthenticatedSystem to make authentication available?

  3. How do you tell a controller that users must be logged in to use that controller?

  4. Where do you modify the rules that authorize users to have certain privileges?

  5. How do you keep the logs from storing potentially sensitive security-related information?

Answers

  1. User and password information is stored in the database, in a model you name when you first generate the authentication mechanisms.

  2. You could put include AuthenticatedSystem in each of your controllers, but it’s no doubt easiest to put it into the ApplicationController class in app/controllers/application.rb.

  3. The before_filter :login_required method will block requests by unauthenticated users.

  4. You can redefine the authorized? method in the ApplicationController class in app/controllers/application.rb.

  5. You can keep sensitive information out of the logs with filter_parameter_logging.
