I realize that I didn't comment about the ssl_requirement plugin by DHH (David Heinemeier Hansson, the Rails guru). It's really a very nice approach to requiring that certain actions be accessed only through SSL/https and letting the other actions through. Once I found it, it was quick and easy to install and worked flawlessly.
However, I couldn't use it: the fundamental controller for my application uses AjaxScaffold (AS), which provides all the CRUD/UI stuff that I needed and allowed the customizations that I wanted (albeit with some learning curve; see a previous post). AS uses a veritable galaxy of actions to perform its magic and there was no way (I tried) to identify the right actions individually. What I really needed was a way to identify a controller, instead of an action, that required SSL. I briefly considered and then as quickly rejected the idea of attempting to enhance the plugin. It's a small plugin and seems to be pretty straightforward in operation, but I'm just not at that level and I wanted to focus on my basic application. Maybe another time...
I did have one other question regarding the plugin. Reviewing the code, I saw that it works by trapping and then redirecting the actions that you want secured. I wonder if that might not be too much overhead for a site with lots of traffic? I just don't know at this point.
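
The per-action versus per-controller distinction described above, as an added example that is not part of the original post or the plugin's source: a simplified Ruby model of an HTTPS-enforcing filter. The class names, `enforce_ssl`, the host, the action names and the sample requests are all constructed for illustration.

```ruby
# Added example: a simplified stand-in for an SSL-enforcing before-filter.
# Class, method and host names are assumptions, not the plugin's source.
Request = Struct.new(:ssl, :host, :path)

class ModelController
  class << self
    # Per-action declaration: only the listed actions require HTTPS.
    def ssl_required(*actions)
      @ssl_actions = actions
    end

    def ssl_actions
      @ssl_actions || []
    end
  end

  # Decision hook; a subclass can override it to cover the whole controller.
  def ssl_required?(action)
    self.class.ssl_actions.include?(action)
  end

  # The filter: one boolean check per request, a redirect only on mismatch.
  def enforce_ssl(request, action)
    return [:continue, nil] if request.ssl || !ssl_required?(action)
    [:redirect, "https://#{request.host}#{request.path}"]
  end
end

# Per-action style: every scaffold action would have to be listed by name.
class AccountsController < ModelController
  ssl_required :edit, :update
end

# Controller-wide style: no action list, so generated actions are covered too.
class ScaffoldedController < ModelController
  def ssl_required?(_action)
    true
  end
end

# Counts how many of the given [request, action] pairs get redirected.
def count_redirects(controller, requests)
  requests.count { |req, action| controller.enforce_ssl(req, action).first == :redirect }
end

# Constructed traffic: a mix of plain-HTTP and HTTPS requests.
SAMPLE = [
  [Request.new(false, "example.test", "/items/table"), :table],
  [Request.new(true,  "example.test", "/items/table"), :table],
  [Request.new(false, "example.test", "/items/edit/1"), :edit],
  [Request.new(true,  "example.test", "/items/update/1"), :update]
].freeze
```

In this model the filter costs one boolean check per request and issues a redirect only when a protected action arrives over plain HTTP; an action missing from the per-action list is served without HTTPS.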