Saturday, January 31, 2009

Plug-ins, Security and Frustration

Really nothing to post on except my increasing level of frustration with Rails security plug-ins and my domain model. This shouldn't be that difficult given:
  • There are multiple clinical facilities
  • Users can belong to more than one facility
  • Users can have different roles at each facility
  • The application supports an HTML interface as well as a REST API
Authentication was easy; I used the restful_authentication plug-in. It is easy to customize and works great with HTTP basic authentication and SSL for securing the REST API. The only modification I made to the plug-in was changing from SHA1 to SHA512 for the password hashes.
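The facility and role requirements listed above come down to storing the role on the user-facility membership rather than on the user. The following is an added example, not code from the post or from any plug-in: plain Ruby standing in for ActiveRecord models, with every class, role and permission name hypothetical.

```ruby
require "set"

# Join record: one user, one facility, one role. The role lives here, not on
# the user, so the same user can hold different roles at different facilities.
Membership = Struct.new(:user_id, :facility_id, :role)

class AccessPolicy
  # Permissions granted by each role (constructed sample policy).
  ROLE_PERMISSIONS = {
    admin:     Set[:read_chart, :edit_chart, :manage_users],
    clinician: Set[:read_chart, :edit_chart],
    clerk:     Set[:read_chart]
  }.freeze

  def initialize(memberships)
    # Index by [user, facility] so every check is scoped to one facility.
    @roles = Hash.new { |h, k| h[k] = Set.new }
    memberships.each { |m| @roles[[m.user_id, m.facility_id]] << m.role }
  end

  # Deny by default: no membership at this facility means no access,
  # whatever the user holds elsewhere. Unknown roles grant nothing.
  # HTML controllers and REST endpoints should both call this one method.
  def allowed?(user_id, facility_id, permission)
    @roles.fetch([user_id, facility_id], Set.new).any? do |role|
      ROLE_PERMISSIONS.fetch(role, Set.new).include?(permission)
    end
  end

  # Facilities the user belongs to, for scoping list queries.
  def facility_ids_for(user_id)
    @roles.select { |(uid, _), roles| uid == user_id && !roles.empty? }
          .keys.map(&:last).sort
  end
end

# Constructed sample data: user 1 is admin at facility 10 but a clerk at 20.
SAMPLE = [
  Membership.new(1, 10, :admin),
  Membership.new(1, 20, :clerk),
  Membership.new(2, 20, :clinician),
  Membership.new(3, 10, :auditor) # role with no entry in ROLE_PERMISSIONS
].freeze
POLICY = AccessPolicy.new(SAMPLE)
```

The check takes the facility as an argument on every call, so a role held at one facility cannot leak into another.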