
Authenticating Blog Admin Pages Discussion

Hi,
Is it necessary to add @blog_post after edit_blog_post_path in the last part of the video, or can that be left out as well? <%= link_to "Edit", edit_blog_post_path if user_signed_in? %>

Reply

Yes, it is necessary, because the relative URL that the path helper method generates has an :id placeholder in it, i.e. /blog_posts/:id/edit, that needs to be filled in with the actual id of the record which you intend to edit.

Reply

Ah, I see. Thanks! :)

Reply

Thanks

Reply

Thanks for sharing, I must try it.

Reply

I still don't understand what the function of seeds.rb is. Can anyone help me?

Reply

I think it is used to add initial data to the database.

Reply

But why is the example given in this video account data? Isn't that unsafe?

Reply

It is used once to create your account. Only you can run it. It is perfectly safe. You will change your password after logging in so it isn't the default.

Reply

So it doesn't matter even if it's put in a public repository on Github? Sorry for asking too many questions, I'm a newbie in web development :)

Reply

You're fine! And no, you shouldn't put your real password in there if it's public.

If you want to make it interactive, you can use gets to ask the user for their password when the seeds script runs so there are no passwords hardcoded in the file.

Reply
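The advice above (no real password in a public seeds.rb; prompt with gets instead) can be made concrete. The following is an added example written for this thread, not code from the episode or from the people posting here. It assumes a db/seeds.rb that calls AdminSeed.credentials and a Devise User model; the ADMIN_PASSWORD variable name, the prompt text and the 12-character minimum are choices made for the example. The password comes from the environment, from an interactive prompt (with echo turned off on a real terminal), or is generated randomly and flagged so it can be printed once and changed after the first login; nothing secret is ever committed.

```ruby
require "securerandom"
require "io/console"
require "stringio"

# Added example: sourcing the seeded admin password without hardcoding it.
# ADMIN_PASSWORD and MIN_LENGTH are assumptions for this example.
module AdminSeed
  MIN_LENGTH = 12

  # Returns {email:, password:, generated:}. Precedence:
  #   1. ADMIN_PASSWORD in the environment (deploy scripts, CI),
  #   2. an interactive prompt on +input+ (echo suppressed when it is a TTY),
  #   3. a random password, flagged with generated: true so the caller prints
  #      it once and the admin changes it after logging in.
  def self.credentials(email:, env: ENV, input: $stdin, output: $stderr)
    password = env["ADMIN_PASSWORD"]
    password = prompt(input, output) if blank?(password) && input
    generated = blank?(password)
    password = SecureRandom.alphanumeric(20) if generated
    validate!(password)
    { email: email, password: password, generated: generated }
  end

  def self.prompt(input, output)
    output.print "Password for the seeded admin account (blank to generate one): "
    line = if input.respond_to?(:tty?) && input.tty?
             input.noecho(&:gets)   # hide typed characters on a real terminal
           else
             input.gets             # piped input, or a StringIO in tests
           end
    output.puts
    line&.chomp
  end

  def self.validate!(password)
    return if password.length >= MIN_LENGTH
    raise ArgumentError, "admin password must be at least #{MIN_LENGTH} characters"
  end

  def self.blank?(value)
    value.nil? || value.strip.empty?
  end
end

# How db/seeds.rb (assumed file) would use it with the Devise User model:
#   creds = AdminSeed.credentials(email: "admin@example.com")
#   User.find_or_initialize_by(email: creds[:email]).update!(password: creds[:password])
#   warn "Generated admin password: #{creds[:password]}" if creds[:generated]
```

Running `ADMIN_PASSWORD=... rails db:seed` feeds the password from the environment, while a plain `rails db:seed` on a terminal prompts for it; in a non-interactive run with neither, a random password is generated and reported once.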

Thank you, it gave me new knowledge.

Reply

Can Devise also handle authorization? Or is that something you have to build yourself?

Reply

Thanks, it gave me new information.

Reply

To authenticate blog admin pages, you can implement various security measures to ensure that only authorized individuals can access and manage the administrative section of your blog. Here are some common methods for authenticating blog admin pages:

User Accounts: Create user accounts for administrators who need access to the blog admin pages. Each administrator should have a unique username and password combination for authentication. This allows you to control and monitor access to the administrative section.

Strong Passwords: Encourage administrators to use strong, unique passwords that are difficult to guess. Implement password complexity requirements, such as minimum length, a mix of uppercase and lowercase letters, numbers, and special characters.

Two-Factor Authentication (2FA): Enable two-factor authentication for blog admin pages. This adds an extra layer of security by requiring administrators to provide a second form of verification, such as a unique code sent to their mobile device, in addition to their password.

Role-Based Access Control (RBAC): Implement RBAC to assign different levels of access and permissions to administrators. This allows you to define specific roles and grant appropriate privileges based on the responsibilities and requirements of each administrator.

IP Whitelisting: Restrict access to the blog admin pages by whitelisting specific IP addresses or IP ranges. This ensures that only authorized users with approved IP addresses can access the administrative section.

Secure Login Page: Implement HTTPS for your blog admin pages to encrypt the communication between the user's browser and the server. This prevents unauthorized interception of login credentials.

Account Lockout Policies: Implement account lockout policies that temporarily lock user accounts after multiple failed login attempts. This helps protect against brute-force attacks and unauthorized access attempts.

Regular Password Updates: Encourage administrators to update their passwords regularly. This helps ensure that any compromised passwords are changed promptly and reduces the risk of unauthorized access.

Audit Logs: Maintain logs of user activity within the blog admin pages. This allows you to monitor and track any suspicious or unauthorized actions performed by administrators.

Regular Security Updates: Keep your blog platform, plugins, and themes up to date with the latest security patches. Regularly update your blog software to protect against known vulnerabilities.

Implementing these authentication measures will help safeguard your blog admin pages and ensure that only authorized individuals have access to the administrative section. It's important to regularly review and update your security practices to stay ahead of potential threats.

Reply
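Two items in the list above, account lockout and audit logs, are easy to get subtly wrong, so here is an added example (written for this thread, not code from the episode or the poster) of the behaviour they describe. Devise ships this for a User model as the :lockable module, configured with config.maximum_attempts and config.unlock_in in config/initializers/devise.rb; the in-memory LoginGuard class below is a stand-alone illustration of the same policy, with the limits, the event names and the sample email and IP address chosen for the example. The point worth noticing is that once an account is locked the password check is not run at all, so the lock cannot be used as an oracle, and that the lock expires on its own after the unlock window.

```ruby
require "time"

# Added example: failed-attempt lockout with a time-based unlock and an audit
# trail of structured events. Limits and event names are example choices.
class LoginGuard
  attr_reader :audit

  def initialize(max_attempts: 5, unlock_in: 15 * 60, clock: -> { Time.now })
    @max_attempts = max_attempts
    @unlock_in = unlock_in      # seconds the lock lasts
    @clock = clock              # injectable so tests can move time forward
    @failed = Hash.new(0)       # email => consecutive failed attempts
    @locked_at = {}             # email => Time the lock began
    @audit = []                 # structured events for the audit log
  end

  # +verify+ is the password check (Devise's valid_password?). It is only
  # called when the account is not locked, so a locked account rejects even
  # the right password and gives an attacker nothing to learn.
  def attempt(email, ip:, &verify)
    now = @clock.call
    if locked?(email, now)
      log(:rejected_locked, email, ip, now)
      return :locked
    end
    if verify.call
      @failed.delete(email)
      log(:success, email, ip, now)
      return :ok
    end
    @failed[email] += 1
    log(:failure, email, ip, now, attempts: @failed[email])
    if @failed[email] >= @max_attempts
      @locked_at[email] = now
      log(:locked, email, ip, now)
      return :locked
    end
    :invalid
  end

  def locked?(email, now = @clock.call)
    started = @locked_at[email]
    return false unless started
    return true if now - started < @unlock_in
    @locked_at.delete(email)    # time-based unlock, like Devise's unlock_strategy :time
    @failed.delete(email)
    false
  end

  private

  # One hash per event; in an application this would be written to a log
  # sink or an audit table rather than kept in memory.
  def log(event, email, ip, at, **extra)
    @audit << { event: event, email: email, ip: ip, at: at.getutc.iso8601 }.merge(extra)
  end
end

# Constructed walkthrough: three bad passwords lock the account, a correct
# password is then rejected without being checked, and the lock lifts later.
guard = LoginGuard.new(max_attempts: 3, unlock_in: 600)
3.times { guard.attempt("admin@example.com", ip: "203.0.113.5") { false } }
guard.attempt("admin@example.com", ip: "203.0.113.5") { true }
guard.audit.each { |event| puts event.inspect }
```

The audit entries carry the email, source IP and timestamp, which is what you need later to distinguish a forgotten password from a credential-stuffing run against the admin account.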

Is it possible to redirect to root instead of to log_in with the authenticate_user! method?

Reply

It seems to me the boolean user_signed_in is never true for some reason.

Reply

User.where(email: "me@mail.com").first_or_initialize seems to throw an error: no such method in Active Record.
But
User.first_or_initialize_by(email: "me@mail.com") seems to work :)

Reply

What is the error?

Reply