codegram / rack-webconsole

Rack-based interactive console (à la Rails console) for your web application's front-end
http://codegram.github.com/rack-webconsole

Add the ability to set and enforce a console password. #25

Closed dwebster closed 13 years ago

dwebster commented 13 years ago

Added the ability to configure a console password.

Simply add the following in one of your application's environment files:

Rack::Webconsole.console_password = "some_password"

If a console password is set, the user is prompted for that password before they can continue to use the web console. If no console password is set, there is no change in the existing behavior.

Additional test cases have been added and all tests pass.

rogerleite commented 13 years ago

Liked! It could be great to have some information in the Readme telling how to configure it, plus usage examples.

oriolgual commented 13 years ago

I'm not sure if I'm in for this feature, could you elaborate on a case where a password is needed? I feel something like this could give some users a false sense of security.

dwebster commented 13 years ago

I certainly agree with the false sense of security, so I think users would need to be aware of what they were doing. My personal requirement for the feature is to secure staging environments at a cursory level, allowing developers to access the console but, perhaps, not quality assurance personnel. My opinion is having some security is better than none at all, but with proper awareness, of course. Maybe we could include some large warning in the readme?

oriolgual commented 13 years ago

Staging could be a nice place to have password protection. Since the password will be hardcoded in the codebase, could you use BCrypt in order to check if the password is correct? This way we force users to, at least, write down a crypted password instead of plain text.

BTW, after merging the other pull-request this one has some conflicts. Could you rebase to master? (Check this commit https://github.com/codegram/rack-webconsole/commit/79df7dc4ff1c1dbb5607147e38271cff5d006f55 to store configs).

Thanks for your work!

dwebster commented 13 years ago

The way this thing would be used, I envision, would be for the developer to read their password from a config file (or any mechanism they want to use) and simply set the password using that value in code:

Rack::Webconsole.console_password = read_my_config_setting

This way, the developer can decide the encryption mechanism they want to use. However, if you prefer that we implement this using bcrypt here, I will be glad to do so. I have fixed the other merge conflicts.

Thanks!
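The two approaches above, a hashed password as oriolgual suggests and a value read from config as dwebster describes, combined in an added example that is not rack-webconsole's own code. It swaps in PBKDF2 from Ruby's standard library in place of BCrypt so it runs without the bcrypt gem; the `ConsolePassword` module and the `pbkdf2$...` storage format are assumptions for illustration.

```ruby
# Added example (not part of rack-webconsole): keep a salted PBKDF2 digest of
# the console password in config instead of the plaintext, and verify candidates
# with a constant-time comparison. PBKDF2 stands in for the BCrypt suggested in
# the thread because it ships with Ruby's openssl extension.
require 'openssl'
require 'securerandom'

module ConsolePassword
  ITERATIONS = 100_000
  KEY_LEN    = 32
  DIGEST     = 'SHA256'

  # Build the string to store in config: "pbkdf2$<iterations>$<salt hex>$<digest hex>".
  # Run once (e.g. from a rake task) and paste the result, never the plaintext.
  def self.digest(password, salt: SecureRandom.hex(16), iterations: ITERATIONS)
    dk = derive(password, salt, iterations)
    "pbkdf2$#{iterations}$#{salt}$#{dk}"
  end

  # Check a submitted password against the stored digest. Anything that is not
  # in the expected format (including a leftover plaintext password) is rejected.
  def self.verify?(stored, candidate)
    scheme, iterations, salt, expected = stored.to_s.split('$', 4)
    return false unless scheme == 'pbkdf2' && iterations && salt && expected

    computed = derive(candidate.to_s, salt, iterations.to_i)
    secure_compare(computed, expected)
  end

  def self.derive(password, salt_hex, iterations)
    raw_salt = [salt_hex].pack('H*')
    OpenSSL::PKCS5.pbkdf2_hmac(password, raw_salt, iterations, KEY_LEN,
                               OpenSSL::Digest.new(DIGEST)).unpack1('H*')
  end

  # Compare without short-circuiting on the first differing byte, so the
  # comparison time does not leak how much of the digest matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Hashing only protects the stored secret if the config file leaks; anyone who knows the password still gets an interactive console, so the prominent readme warning dwebster proposes still applies.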

dwebster commented 13 years ago

I am going to close this pull request and consolidate the changes into a new one.