RubyFlow The Ruby and Rails community linklog

Painless Password Protection in Sinatra (Database-less)

For Inspectinator (a Sinatra microapp), I needed a database-less authentication solution that was as lightweight as possible, but with a reasonable amount of security and maintainability. I came up with something that suits this purpose well, and I’m sharing it in case anyone is looking for something similar. I call it EasyAuth. Here ya go

Comments

I’ll get flagged as a troll for saying this but this is another example of poor code being posted here. There are too many problems with this to list so I’ll just say be safe and stay away.

n: Thanks for your comments. I’ve had an interesting time reading up on rainbow tables and slow vs fast hashing schemes. I’ve updated the gist to use salts and bcrypt. As far as the cookie value, the problem is storing the cookie value server-side (for an app without a database). Nothing comes to mind about how to get around this, but I’m open to suggestions.

ANonymousCritic: I cannot respond to criticism that amounts simply to “this sucks.” I’m definitely open to (hopefully constructive) criticism if you have something specific to say.
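
On the cookie-value question raised in the comment above, one common database-less approach is a cookie the server signs and later verifies, so nothing has to be stored server-side. The sketch below is an added example, not code from the post or the gist; the `SignedCookie` module, its method names, and the `user|expiry` payload layout are assumptions made for illustration, and the secret is assumed to come from app configuration.

```ruby
require "openssl"

# Added example: stateless signed login cookie (hypothetical design, not EasyAuth's code).
module SignedCookie
  # Build "payload.signature"; payload is hex("user|expiry_epoch") so it is cookie-safe.
  def self.issue(user, secret, ttl: 3600, now: Time.now.to_i)
    payload = "#{user}|#{now + ttl}".unpack1("H*")
    "#{payload}.#{sign(payload, secret)}"
  end

  # Return the user name for a valid, unexpired cookie, otherwise nil.
  def self.verify(cookie, secret, now: Time.now.to_i)
    payload, sig = cookie.to_s.split(".", 2)
    return nil if payload.nil? || sig.nil?
    # Check the signature before trusting anything inside the payload.
    return nil unless secure_equal?(sig, sign(payload, secret))

    decoded = [payload].pack("H*").force_encoding("UTF-8")
    user, _sep, expiry = decoded.rpartition("|")
    return nil if user.empty? || expiry.to_i <= now

    user
  end

  # HMAC-SHA256 over the encoded payload, keyed with the server-side secret.
  def self.sign(payload, secret)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  end

  # Compare without stopping at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-demo-secret" # constructed sample value; load a real one from config
  cookie = SignedCookie.issue("admin", secret, ttl: 60)
  puts cookie
  puts SignedCookie.verify(cookie, secret).inspect
end
```

A cookie signed this way cannot be revoked individually before it expires; changing the secret invalidates every outstanding cookie at once.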
