Re: [Rails] Re: Database level authentication

Ruby on Rails Tuesday, January 31, 2012

2012/1/31 Peter De Berdt <peter.de.berdt@pandora.be>:
>
> On 31 Jan 2012, at 10:43, Colin Law wrote:
>
>>> That would be second option.
>>
>>
>> Since you have top posted everyone will have to scroll down to see
>> which that is.  I will repeat it here to make it easier for those
>> reading it:
>>>>
>>>> prevent the user from logging in unless he uses a valid name/password
>>>> configured for the db
>>
>>
>> The only way I can think of doing that is to attempt to connect to
>> re-connect to the db when he logs in, using his credentials, and see
>> if it successful.
>
>
> There is actually a way to just query the database.
>
> You haven't said what database you're using, but the procedure should be
> more or less the same once you figure out how your specific database stores
> things.
>
> In case of MySQL, you would basically have to establish a connection with
> the database "mysql" from some ActiveRecord model (using
> "establish_connection", search it at http://api.rubyonrails.org/), then make
> sure your ActiveRecord model connects to the "user" table (singular! so use
> self.table_name="user" in Rails 3 or set_table_name in Rails 2) witin that
> database. Then you can just use a method like:
>
> Rails 2.x
> def authenticate(login, passwd)
>   self.first(:conditions => ["Login=? and Password=PASSWORD(?)", login,
> passwd])
> end
>
> Rails 3.x
> def authenticate(login, passwd)
>   self.where("Login=? and Password=PASSWORD(?)", login, passwd).first
> end
>
> This is completely untested and it's an authentication method I'm not too
> fond of, but this is more or less how you could get it done.
>
>
> Best regards
>
> Peter De Berdt

I'm using postgres.
Yea I think thats what I'm looking for, already made some tests and it
appears to be working - but we will see if there are any other
consequences at later time.

Thanks everyone for discuession.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 8:20 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)