@bsodmike
Created September 1, 2011 22:42
Hardened 'resque_auth.rb' Initialiser

Here's how I hardened the login via resque_auth.rb. You'll need the bcrypt-ruby gem installed.

  • Fire up IRB or PRY
  • require 'bcrypt'
  • Generate a salt: salt = BCrypt::Engine.generate_salt
  • puts salt (make sure you copy this somewhere)
  • Now, salted_hash = BCrypt::Engine.hash_secret("YOUR PASSWORD GOES HERE", salt)
  • Make sure you save the longer output!

Update resque_auth.rb as follows - it limits access to the username 'admin' as well!

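Resque::Server.use(Rack::Auth::Basic) do |user, password|
  # Only the 'admin' user may log in; any other username falls through to nil.
  if ['admin'].include?(user)
    # Re-hash the submitted password with the stored salt and compare.
    [SALTED_HASH] == BCrypt::Engine.hash_secret(password, [SALT])
  end
end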

Make sure you replace [SALTED_HASH] and [SALT] above with the hash and salt you generated, respectively. Voila!
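The "longer output" is the 29-character salt followed by 31 characters of hash, so a bad paste of either value into resque_auth.rb can be caught before it locks everyone out. The following is an added example, not part of the original gist: a standard-library check of the pair plus a comparison that does not stop at the first differing byte. The helper names, the cost floor of 10 and the sample values are assumptions made for illustration.

```ruby
# Added example: sanity-check the salt and hash pasted into resque_auth.rb.
# Standard library only; helper names and sample values are constructed.

BCRYPT_SALT = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})\z/
BCRYPT_HASH = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

MIN_COST = 10 # assumed policy floor, adjust to taste

# Returns a list of problems; an empty list means the pair is consistent.
def check_bcrypt_pair(salt, salted_hash)
  problems = []
  s = BCRYPT_SALT.match(salt.to_s)
  h = BCRYPT_HASH.match(salted_hash.to_s)
  problems << 'salt is not a 29-character bcrypt salt' unless s
  problems << 'hash is not a 60-character bcrypt hash' unless h
  return problems unless s && h

  # hash_secret output starts with the salt it was given.
  problems << 'hash was not produced with this salt' unless salted_hash.start_with?(salt)
  problems << "cost #{h[2].to_i} is below #{MIN_COST}" if h[2].to_i < MIN_COST
  problems
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed sample values: correct shape, not the hash of any real password.
SAMPLE_SALT = '$2a$10$' + 'abcdefghijklmnopqrstuv'
SAMPLE_HASH = SAMPLE_SALT + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234'

if __FILE__ == $PROGRAM_NAME
  p check_bcrypt_pair(SAMPLE_SALT, SAMPLE_HASH)
  p check_bcrypt_pair(SAMPLE_SALT, SAMPLE_HASH.sub('$10$', '$04$'))
end
```

In the initialiser, secure_equal? can stand in for the == comparison once the placeholders have been replaced with real strings.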
