Test Your Knowledge
Quiz
1. Where is user and password information stored?
2. Where do you need to include AuthenticatedSystem to make authentication available?
3. How do you tell a controller that users must be logged in to use that controller?
4. Where do you modify the rules that authorize users to have certain privileges?
5. How do you keep the logs from storing potentially sensitive security-related information?
Answers
1. User and password information is stored in the database, in a model you name when you first generate the authentication mechanisms.
2. You could put include AuthenticatedSystem in each of your controllers, but it's no doubt easiest to put it into the ApplicationController class in app/controllers/application.rb.
3. The before_filter :login_required method will block requests by unauthenticated users.
4. You can redefine the authorized? method in the ApplicationController class in app/controllers/application.rb.
5. You can keep sensitive information out of the logs with filter_parameter_logging.