3.9. Resources

The new standard plugin for user authentication is Restful Authentication, by Rick Olson, which you can install from http://svn.techno-weenie.net/projects/plugins/restful_authentication. It provides a slightly different design for the same basic login, password management, and cookie functionality discussed in this chapter. It's quite easy to incorporate the plugin into your application.

Bernie Thompson has a guide to getting started with OpenID at http://leancode.com/openid-for-rails.

For general insight on Rails security issues, check out www.rorsecurity.info, a blog by Heiko Webers. Be sure to look at the security checklist at www.rorsecurity.info/ruby-on-rails-security-cheatsheet or the similar one at www.quarkruby.com/2007/9/20/ruby-on-rails-security-guide for extensive details on locking down your Rails application.

There are several different plugins that manage CAPTCHA tests. The implementation shown in this chapter was inspired by a description of the BrainBuster plugin by Rob Sanheim, available at http://code.google.com/p/robsanheim/wiki/BrainBuster. There's also a Ruby gem called Turing (http://turing.rubyforge.org) and a plugin called CAPTCHA (http://sargon.interinter.net/validates_captcha) that do image-based CAPTCHA and depend on ImageMagick (see Chapter 11). And there's also Simple Captcha (http://agilewebdevelopment.com/plugins/simple_captcha).
