Search Results

Search found 4 results on 1 pages for 'gaius parx'.


  • HTTP Basic authentication using Authlogic or authenticate_or_request_with_http_basic for API call?

    - by Gaius Parx
    I have a Rails 2.3.x app that implements acts_as_authentic in the User model and a UserSession model as per the Authlogic GitHub example. I am implementing an API to allow access from iPhone. I will be using HTTP Basic authentication via https (will not implement single access token). Each API call requires a username/password for the access. I am able to access the API by calling http://username:password@localhost:3000/books.xml, for example.

    Authlogic will not persist if using the single access token. But I am using HTTP Basic, which I think Authlogic will create a session for on the API calls, which is not used for my API methods. So for each API call I make, a new session object is created. Thus it appears to me that this would load up the server resources pretty quickly. Sounds like a bad idea.

    The alternative is to use the Rails authenticate_or_request_with_http_basic for API controllers. Example adding a before_filter:

        def require_http_auth_user
          authenticate_or_request_with_http_basic do |username, password|
            if @current_user = User.find_by_email(username)
              @current_user.valid_password?(password)
            else
              false
            end
          end
        end

    This will bypass the Authlogic UserSession and just use the User model. But this will involve using separate authentication code in the app. Does anyone have any comments and can share their experience? Thanks


  • Multiple Rails app, single MySQL database

    - by Gaius Parx
    I intend to have multiple Rails apps, one each for site.com, api.site.com, admin.site.com. All apps will access the same tables from one single MySQL database. The apps and database run on the same server. Are there any settings in Rails, ActiveRecord or MySQL that I need to be concerned about for the above access scenario? Thanks. Running: Rails 2.3.5, MySQL 5.0, Nginx, Passenger, RubyEE


  • Best practice to detect iPhone app only access for web services?

    - by Gaius Parx
    I am developing an iPhone app together with web services. The iPhone app will use GET or POST to retrieve data from the web services, such as http://www.myserver.com/api/top10songs.json to get data for the top ten songs, for example. There is no user account and password for the iPhone app. What is the best practice to ensure that only my iPhone app has access to the web API http://www.myserver.com/api/top10songs.json? The iPhone SDK's UIDevice uniqueIdentifier is not sufficient, as anyone can fake the device id as a parameter when making the API call using wget, curl or web browsers. The web services API will not be published. The data of the web services is not secret and private; I just want to prevent abuse, as there are also APIs to write some data to the server, such as a usage log.

