Last Updated: February 25, 2016 · jmlevick

Encrypted HTTP “Basic” Auth in #Rails (Digest Auth + Salt)

Sometimes we do not need a full auth solution for an app. We just need to keep something as secure as possible with minimum effort and/or a minimum number of users. For this, HTTP Basic Auth might seem like a good idea, but it does not offer encryption or, for that matter, any kind of "real" security. Although there's nothing like "real security" out there on the web nowadays, we can solve this HTTP Basic Auth issue by using HTTP Digest Auth instead, plus a bit of salt, so we can sleep a little more peacefully at night... To learn the approach I took, please read the full post at:

http://levick.tumblr.com/post/65244327897/encrypted-http-basic-auth-in-rails-digest-auth