Here's how I hardened the login via resque_auth.rb. You'll need the bcrypt-ruby gem installed.
- Fire up IRB or PRY:
require 'bcrypt'
- Generate a salt:
salt = BCrypt::Engine.generate_salt
puts salt
# make sure you copy this somewhere.
- Now, hash your password with that salt:
salted_hash = BCrypt::Engine.hash_secret("YOUR PASSWORD GOES HERE", salt)
- Make sure you save the longer output!
Update resque_auth.rb as follows - it limits access to the username 'admin' as well!
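require 'bcrypt'
Resque::Server.use(Rack::Auth::Basic) do |user, password|
  # Only the 'admin' user is accepted; any other username yields nil (access denied).
  if ['admin'].include?(user)
    # Re-hash the submitted password with the saved salt and compare with the saved hash.
    [SALTED_HASH] == BCrypt::Engine.hash_secret(password, [SALT])
  end
end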
Make sure you replace [SALTED_HASH] and [SALT] above with your saved values, respectively. Voila!
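A variant of the check above, as an added example that is not code from the original post: it goes one step further by reading the salt back out of the saved hash (the 60-character bcrypt output begins with the 29-character version, cost and salt prefix) and by comparing in constant time. The helper names (salt_from_hash, secure_compare, valid_login?, BCRYPT_HASHER) are hypothetical, and the default hasher assumes the bcrypt gem is installed.

```ruby
# Added example; helper names are hypothetical, not from resque or bcrypt-ruby.

# bcrypt output: "$2a$" + two-digit cost + "$" + 22-char salt + 31-char digest.
BCRYPT_FORMAT = /\A(\$2[abxy]?\$\d{2}\$[.\/A-Za-z0-9]{22})[.\/A-Za-z0-9]{31}\z/

# Recover the salt prefix from a stored hash, so only one value has to be
# saved in resque_auth.rb. Rejects anything that is not bcrypt-shaped.
def salt_from_hash(stored_hash)
  match = BCRYPT_FORMAT.match(stored_hash.to_s)
  raise ArgumentError, 'not a bcrypt hash' unless match
  match[1]
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Default hasher: the same BCrypt::Engine.hash_secret call the post uses.
# The gem is loaded on first call, so this file loads without it.
BCRYPT_HASHER = lambda do |password, salt|
  require 'bcrypt'
  BCrypt::Engine.hash_secret(password, salt)
end

# True only for user 'admin' with a password that re-hashes to stored_hash.
def valid_login?(user, password, stored_hash, hasher = BCRYPT_HASHER)
  candidate = hasher.call(password.to_s, salt_from_hash(stored_hash))
  # Always hash and compare, even for a wrong username, so both failure
  # paths do the same amount of work.
  hash_ok = secure_compare(candidate.to_s, stored_hash)
  user_ok = (user == 'admin')
  user_ok & hash_ok
end
```

With this in place, the block passed to Resque::Server.use reduces to a single call such as valid_login?(user, password, SALTED_HASH), where SALTED_HASH is the saved hash as a quoted string.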