
I am creating a small Sinatra application which will have login functionality. This would be the first time I have done this in Ruby and I wanted some advice on posting passwords from an HTML form. What would be the best and most secure way to do this?

Any help would be most appreciated.

Thanks Alex

alexjfno1
  • I bet there are a lot of methods to do this. Try, for example, using `sinatra-authentication` https://github.com/maxjustus/sinatra-authentication – Yevgeniy Anfilofyev Jun 19 '13 at 16:54
  • "login functionality" means you want people to authenticate to your Sinatra app, not have the Sinatra app connect to something else where it has to authenticate, right? – the Tin Man Jun 19 '13 at 17:31

1 Answer


Posting a password from an HTML form in a secure way is not, exactly, a Ruby/Sinatra issue. It is a set of best practices that take in all components of your stack.

As far as I remember, these are the items that come to my mind:

  1. For transferring sensitive data, always use HTTPS.
  2. Never save cleartext passwords in your database. Always use a hash algorithm with a salt http://crackstation.net/hashing-security.htm.
  3. Impose some constraints on the password, like: minimum length, forcing letters and numbers, etc.
  4. Avoid logging sensitive data (e-mail, password).
Thiago Lewin
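Items 2 to 4 of the answer above, carried through in plain Ruby as an added example (this is not code from the question, the answer, or the `sinatra-authentication` gem). It uses only the standard library: PBKDF2-HMAC-SHA256 from OpenSSL for the salted hash, a simple password policy, and a redaction helper for anything that reaches a log. The iteration count, salt size, minimum length, and the `handle_login`/`register_user` helpers (standing in for what a Sinatra `post "/login"` route would call) are assumptions of this example. Item 1, HTTPS, is a deployment setting rather than something the handler code can show.

```ruby
require "openssl"
require "securerandom"
require "base64"

# --- Item 2: salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the
#     Ruby stdlib). Iteration count and salt length are assumed values.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES        = 16
KEY_BYTES         = 32

# Returns an encoded record "pbkdf2-sha256$<iterations>$<salt>$<hash>" for storage.
# The salt is random per user, so two users with the same password get different records.
def hash_password(password, iterations: PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(SALT_BYTES)
  key  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES, OpenSSL::Digest.new("SHA256"))
  ["pbkdf2-sha256", iterations.to_s, Base64.strict_encode64(salt), Base64.strict_encode64(key)].join("$")
end

# Compares two byte strings without leaking where they first differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Re-derives the key with the stored salt and iteration count, then compares in constant time.
def verify_password(stored, candidate)
  algo, iter, salt_b64, key_b64 = stored.to_s.split("$", 4)
  return false unless algo == "pbkdf2-sha256" && key_b64
  salt     = Base64.strict_decode64(salt_b64)
  expected = Base64.strict_decode64(key_b64)
  actual   = OpenSSL::PKCS5.pbkdf2_hmac(candidate, salt, iter.to_i, expected.bytesize, OpenSSL::Digest.new("SHA256"))
  secure_compare(expected, actual)
end

# --- Item 3: constraints on the password (minimum length, letters and digits).
MIN_PASSWORD_LENGTH = 8 # assumed value

def password_policy_errors(password)
  errors = []
  errors << "must be at least #{MIN_PASSWORD_LENGTH} characters" if password.length < MIN_PASSWORD_LENGTH
  errors << "must contain a letter" unless password.match?(/[A-Za-z]/)
  errors << "must contain a digit"  unless password.match?(/\d/)
  errors
end

# --- Item 4: strip sensitive fields before a form post is written to any log.
SENSITIVE_KEYS = %w[password password_confirmation email].freeze

def redact_for_log(params)
  params.each_with_object({}) do |(k, v), out|
    out[k] = SENSITIVE_KEYS.include?(k.to_s) ? "[REDACTED]" : v
  end
end

# Hash of a random string, computed once at boot, so that a login attempt for an
# unknown username still costs one PBKDF2 run (keeps timing from revealing which
# usernames exist). Hypothetical helper, not part of any library.
DUMMY_HASH = hash_password(SecureRandom.hex(16))

# What a Sinatra `post "/register"` route would call; `users` is a Hash of username => record.
def register_user(users, username, password)
  errors = password_policy_errors(password)
  return errors unless errors.empty?
  users[username] = hash_password(password)
  []
end

# What a Sinatra `post "/login"` route would call. Returns :ok or :invalid_credentials
# with the same message for wrong password and unknown user.
def handle_login(params, users)
  record = users[params["username"]]
  ok = verify_password(record || DUMMY_HASH, params["password"].to_s) && !record.nil?
  ok ? :ok : :invalid_credentials
end
```

Inside a real route you would call `register_user`/`handle_login` with `params` and log only `redact_for_log(params)`; the stored record carries its own salt and iteration count, so the cost factor can be raised later without breaking existing users.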