| Authentication Question - How To? |
|
danfusion
|
I just got my site set up and I'm working through the tutorials posted here on the forums. I've got the blog posts and such to work (from the part 1 of the tutorial).
Now I'm worried over the fact that I don't have any way to secure the application while I'm learning (yes, I'm paranoid). Thanks in advance for the help and advice. |
| Some Code |
|
comprug
Forum Regular
|
Dan, I also was pretty paranoid when I ported to Rails so I know what you are saying, especially since Rails login code is different than other frameworks. Unfortunately, the easy option, HTTP basic auth, doesn't work as Rails files are based off controllers. First and foremost, sorry if I explain too much. Disclaimer aside, the best solution would be something like this:
Assumptions:
1. You have a db configured and ready to use (if not, go to your_rails_app/config/database.yml and fill out your info).
2. The db has a table called users with id as the primary key, a username field and a password field, a first_name field, and an email field.
3. You have created a symbolic link from your app's public dir to the htdocs dir, or a dir within.
To finish configuring the DB, ssh in to your account. Type:
Next, in your controller where the user posts comments include the following code at the top, yet right after the controller declaration:
Basically, in my code, the var user_id on the server referenced by the cookie session id is what determines logins. One thing I like about Rails is that it just sends an id cookie to the user, and every variable you assign is automatically taken care of and stored by Rails without the need to make your own system.
Next, let's make the login action. This assumes you have a field named username, and a field named password in the form.
Now, in order to create the place for registration comes the difficult part. Because of the overhead required in protecting random bots or others from registering then posting comments, the best thing would be to have you register those you know, or those that request it (of course I could do a Captcha, and various systems, but that starts getting extremely heavy in lines of code and hard to implement). In the posting controller, or whatever the name is, add the following code right below the login def. This assumes you have a username, password, first, and email field on the page.
Last edited by comprug on Wed Oct 11, 2006 3:00 am; edited 1 time in total |
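The code listings from the post above did not survive on this page. As an added example (not comprug's code), here is the flow the post describes, written in plain Ruby rather than as a Rails controller: a users store, a login that sets `user_id` in the session, and a check that gates on it. The helper names, the in-memory `USERS` hash, and storing the password as a salted PBKDF2 hash are assumptions of this example, not details from the thread.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed PBKDF2 work factor
USERS = {}           # constructed stand-in for the users table in the post

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

# Byte-wise comparison that does not stop at the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Registration: the password column holds a salted hash, never the plaintext.
def register(username, password, first_name, email)
  return false if username.to_s.empty? || password.to_s.length < 8
  return false if USERS.key?(username)
  salt = SecureRandom.random_bytes(16)
  USERS[username] = { id: USERS.size + 1, salt: salt,
                      password: hash_password(password, salt),
                      first_name: first_name, email: email }
  true
end

# Login action: params carries the form's username and password fields.
def login(session, params)
  user = USERS[params[:username].to_s]
  # Hash even for unknown usernames so response time does not reveal them.
  salt = user ? user[:salt] : "\0" * 16
  candidate = hash_password(params[:password].to_s, salt)
  return false unless user && secure_equal?(candidate, user[:password])
  session.clear # stands in for Rails' reset_session (drops pre-login state)
  session[:user_id] = user[:id]
  true
end

# The check a controller filter would run before protected actions.
def logged_in?(session)
  USERS.values.any? { |u| u[:id] == session[:user_id] }
end
```

In a Rails controller the same check would run as a filter before the protected actions, with `session` being the server-side store the post describes.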
danfusion
|
Thanks so much! That's just the level of information I need. I was browsing around tutorials and things at lunch and getting completely frustrated because it was all "just grab this gem, plug these commands in and wa-la!" Not much in the way of actual code, hence my frustration...
Anyway, I'm heading off to work these examples into my own app... Thanks again! |
| You're welcome |
|
comprug
Forum Regular
|
Dan, you're very welcome. I have also found there is a lack of actual source code in the docs, and many people would agree that most Rails docs are lacking, yet in these situations, I always turn to books. There are plenty of books that can really help you. I personally recommend (in order of usefulness):
1. Agile Web Development with Rails, Second Edition. ISBN: 0-9776166-3-0
2. Rails Recipes. ISBN: 0-9776166-0-6
3. Programming Ruby: The Pragmatic Programmer's Guide, Second Edition. ISBN: 0-9745140-5-5
I personally find Ruby Forum (ruby-forum) a great place to ask questions, although you can get help from me and others here.
And if you are as worried about security as I am, I also recommend Professional Pen Testing for Web Applications by Andres Andreu: 515 pages of more stuff on security than you'll ever need (but still is one of the only books that shows real attacks and gives good tools....). While it doesn't specifically refer to Rails, it can be easily applied to any Rails app. I personally use it all the time.
Thanks, Ben |
|
danfusion
|
Just a quick update.
I bought the "Beta-book" (i.e. a pdf that is updated as the author re-writes chapters of the 1st ed.) of Agile Web Development with Rails (2nd ed). I was skeptical at first, seeing as I'm not used to reading a "book" in pdf format. However, it turned out to be a great buy! I really enjoyed the way the author laid everything out and gradually introduces new concepts. I've had so many programming books that seem to enjoy beating you over the head with huge concepts. I have to admit, I need a bit of hand holding at first. The more I get into Rails programming the more excited I get! Thanks again, Ben! |
|
pmeserve
HostMySite Tech
|
I like acts_as_authenticated - it's very simplistic but useful if you don't want to start from scratch.