Menu
I'm trying to work out what the best way to secure my staging environment would be. Currently I'm running both staging and production on the same server.
The two options I can think of would be to:
Use rails digest authentication
I could put something like this in the application_controller.rb
# Password protection for staging environment
if RAILS_ENV == 'staging'
before_filter :authenticate_for_staging
end
def authenticate_for_staging
success = authenticate_or_request_with_http_digest("Staging") do |username|
if username == "staging"
"staging_password"
end
end
unless success
request_http_digest_authentication("Admin", "Authentication failed")
end
end
This was ripped from Ryan Daigle's blog. I'm running on the latest Rails 2.3 so I should be free from the security problem they had with this.
Use web server authentication
I could also achieve this using .htaccess or apache permissions, however it makes my server provisioning slightly more complex (I'm using Chef, and would require different apache configs for staging/production).
For now I have the first one implemented and working, do you see ay problems with it? Have I missed something obvious? Thanks in advance!
952
bumping this to help others, like myself as I read this before settling on an similar, but cleaner solution.
# config/environments/staging.rb
MyApp::Application.configure do
config.middleware.insert_after(::Rack::Lock, "::Rack::Auth::Basic", "Staging") do |u, p|
[u, p] == ['username', 'password']
end
#... other config
end
I wrote a short blog post about it.
85
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
