
Heroku powered private restricted beta

I'd like to run an app in a restricted private beta on Heroku.

We're changing the app regularly and haven't done a security audit.

To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything.

Ideally similar to using .htaccess and .htpasswd files to lock an entire site on an Apache server.

Is there a simple one-shot way to do this for a Heroku-hosted app?

Ben Sand asked Jun 11 '10 12:06




2 Answers

Just use authenticate_or_request_with_http_basic in a before_filter in your ApplicationController.

See this Railscasts episode for instructions: http://railscasts.com/episodes/82-http-basic-authentication

plindberg answered Nov 03 '22 15:11


.htaccess and .htpasswd basically tell Apache to authenticate the user using a Basic Auth system. You can do the same with a pure-Rack layer.

See http://rack.rubyforge.org/doc/Rack/Auth/Basic.html

Because you are using Heroku, I assume you are deploying a Rack-compatible application (either a Rack, Rails or Sinatra app).

Simone Carletti answered Nov 03 '22 15:11
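
As an added example (not part of either answer, and not Rack's own code), here is a stdlib-only stand-in for the site-wide Basic Auth layer the answers describe, written against the Rack `call(env)` interface. The class name `BetaGate`, the realm and the demo credentials are constructed; the Heroku config var names `BETA_USER` / `BETA_PASSWORD` mentioned in the comments are hypothetical.

```ruby
require 'openssl'
require 'digest'

# Rack-style middleware: every request must carry valid HTTP Basic
# credentials before it reaches the wrapped app.
class BetaGate
  REALM = 'Private beta'.freeze # constructed realm name

  def initialize(app, user:, password:)
    # Fail at boot if the credentials are unset, instead of accepting ":".
    raise ArgumentError, 'beta credentials must be set' if user.to_s.empty? || password.to_s.empty?
    @app = app
    @expected = Digest::SHA256.digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) if authorized?(env['HTTP_AUTHORIZATION'])
    [401,
     { 'content-type' => 'text/plain',
       'www-authenticate' => %(Basic realm="#{REALM}") },
     ["Authentication required\n"]]
  end

  private

  # Digests are compared in constant time so the check does not leak how
  # much of the credential matched; missing or malformed headers just fail.
  def authorized?(header)
    scheme, encoded = header.to_s.split(' ', 2)
    return false unless scheme&.casecmp?('basic') && encoded
    supplied = encoded.unpack1('m') # lenient base64 decode, never raises
    OpenSSL.fixed_length_secure_compare(Digest::SHA256.digest(supplied), @expected)
  end
end

# Constructed demo app and credentials. On Heroku the values would come from
# config vars (hypothetical names BETA_USER / BETA_PASSWORD) read via ENV.
DEMO_APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['beta home']] }
GATED = BetaGate.new(DEMO_APP, user: 'beta', password: 'constructed-secret')

# Helper for trying the gate with a given Authorization header value.
def status_for(authorization)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/' }
  env['HTTP_AUTHORIZATION'] = authorization if authorization
  GATED.call(env).first
end
```

Basic credentials are only base64-encoded on the wire, so the gate protects the beta only when the app is reached over HTTPS.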