Comments for kahfei http://www.kahfei.com freshly brewed ideas Mon, 09 Aug 2010 13:54:15 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on remote_user in rails application by kahfei http://www.kahfei.com/?p=153&cpage=1#comment-1085 kahfei Mon, 09 Aug 2010 13:54:15 +0000 http://www.kahfei.com/?p=153#comment-1085 Hi Kevin, thanks for dropping by, and your advice...really appreciate it. Ya, that is what I understand from various discussions and articles on the net that if mongrels are proxied behind apache, we wouldn't be able to get 'HTTP_REMOTE_USER'. Basically, it is an intranet application, and the capturing of username is not for any user authentication or authorization purpose, solely to fill up the creator field in the record, and the user base don't really have a lot of administrator rights on their computer (running Windows), so what they could do with it is pretty limited. But I fully agree that it is not a secure way of handling this. Will look further on your post and the apache docs, or I might just let the user fill in a free text field for that information, just to save the hustle. :-). Thanks again. Hi Kevin, thanks for dropping by, and your advice…really appreciate it.
Ya, that is what I understand from various discussions and articles on the net that if mongrels are proxied behind apache, we wouldn’t be able to get ‘HTTP_REMOTE_USER’.

Basically, it is an intranet application, and the capturing of username is not for any user authentication or authorization purpose, solely to fill up the creator field in the record, and the user base don’t really have a lot of administrator rights on their computer (running Windows), so what they could do with it is pretty limited.

But I fully agree that it is not a secure way of handling this. Will look further on your post and the apache docs, or I might just let the user fill in a free text field for that information, just to save the hustle. :-) .

Thanks again.

]]> Comment on remote_user in rails application by Kevin http://www.kahfei.com/?p=153&cpage=1#comment-1052 Kevin Fri, 06 Aug 2010 22:10:06 +0000 http://www.kahfei.com/?p=153#comment-1052 If you're going to access it in Rails, you need request.env['HTTP_REMOTE_USER'] (note: 'request.env', 'HTTP_' and uppercase). But that doesn't work if your mongrels are proxied behind Apache (or nginx or lightty or whatever). In any case, it sounds like what you're trying to do is grab the user's *desktop* username, which isn't really possible (you might be able to do AD-integrated HTTP BASIC authentication, but then you're tied to Windows and IE). It's also _totally_ insecure to trust what someone's browser says is their username—I could make my browser tell you my username is 'admin' and get full access without authentication. Even if it's for an "intranet" app, if that app is on an Internet-accessible web server, you're vulnerable. What I do for our intranet site is HTTP BASIC auth thru Apache, which then proxies the username as I described in my post (which you referenced—http://kbullock.ringworld.org/2010/06/05/apache-rails-and-remote_user/). You might check out the Apache docs on setting up authentication (http://httpd.apache.org/docs/2.2/howto/auth.html). In addition, in order to duplicate my setup, you need to have "AllowOverride all" set on your virtualhost or directory in the Apache config, so that the .htaccess file in your RAILS_ROOT/public/ folder gets used. Hope that's helpful. If you’re going to access it in Rails, you need request.env['HTTP_REMOTE_USER'] (note: ‘request.env’, ‘HTTP_’ and uppercase). But that doesn’t work if your mongrels are proxied behind Apache (or nginx or lightty or whatever).

In any case, it sounds like what you’re trying to do is grab the user’s *desktop* username, which isn’t really possible (you might be able to do AD-integrated HTTP BASIC authentication, but then you’re tied to Windows and IE). It’s also _totally_ insecure to trust what someone’s browser says is their username—I could make my browser tell you my username is ‘admin’ and get full access without authentication. Even if it’s for an “intranet” app, if that app is on an Internet-accessible web server, you’re vulnerable.

What I do for our intranet site is HTTP BASIC auth thru Apache, which then proxies the username as I described in my post (which you referenced—http://kbullock.ringworld.org/2010/06/05/apache-rails-and-remote_user/). You might check out the Apache docs on setting up authentication (http://httpd.apache.org/docs/2.2/howto/auth.html). In addition, in order to duplicate my setup, you need to have “AllowOverride all” set on your virtualhost or directory in the Apache config, so that the .htaccess file in your RAILS_ROOT/public/ folder gets used.

Hope that’s helpful.

]]> Comment on remote_user in rails application by kahfei http://www.kahfei.com/?p=153&cpage=1#comment-1000 kahfei Tue, 03 Aug 2010 21:59:46 +0000 http://www.kahfei.com/?p=153#comment-1000 Hi Anton, Hmmm...seems it didn't really show up any information about the user name on the client side, all the info from ENV.inspect are from the server... Hi Anton,
Hmmm…seems it didn’t really show up any information about the user name on the client side, all the info from ENV.inspect are from the server…

]]> Comment on map and each by kahfei http://www.kahfei.com/?p=131&cpage=1#comment-968 kahfei Sun, 01 Aug 2010 04:49:08 +0000 http://www.kahfei.com/?p=131#comment-968 Deswing, sure, if my post did bring any help in anyway, you are free to quote it :-). Deswing, sure, if my post did bring any help in anyway, you are free to quote it :-) .

]]> Comment on remote_user in rails application by Anton http://www.kahfei.com/?p=153&cpage=1#comment-959 Anton Sat, 31 Jul 2010 19:49:18 +0000 http://www.kahfei.com/?p=153#comment-959 Try this: script/console(rails console in rails 3) puts ENV.inspect Try this:

script/console(rails console in rails 3)
puts ENV.inspect

]]> Comment on remote_user in rails application by kahfei http://www.kahfei.com/?p=153&cpage=1#comment-937 kahfei Fri, 30 Jul 2010 00:40:54 +0000 http://www.kahfei.com/?p=153#comment-937 Hi Anton, Thanks for the advise. Tried that, but didn't work though. Are there any prerequisite for that to work? Hi Anton,

Thanks for the advise.
Tried that, but didn’t work though.
Are there any prerequisite for that to work?

]]> Comment on remote_user in rails application by Anton http://www.kahfei.com/?p=153&cpage=1#comment-925 Anton Thu, 29 Jul 2010 20:25:36 +0000 http://www.kahfei.com/?p=153#comment-925 Hi! May be ENV['LOGNAME'] you need? Hi!
May be ENV['LOGNAME'] you need?

]]> Comment on map and each by Deswing666 http://www.kahfei.com/?p=131&cpage=1#comment-922 Deswing666 Thu, 29 Jul 2010 12:36:02 +0000 http://www.kahfei.com/?p=131#comment-922 it was very interesting to read www.kahfei.com I want to quote your post in my blog. It can? And you et an account on Twitter? it was very interesting to read http://www.kahfei.com
I want to quote your post in my blog. It can?
And you et an account on Twitter?

]]> Comment on thin on windows by kahfei http://www.kahfei.com/?p=149&cpage=1#comment-919 kahfei Thu, 29 Jul 2010 01:55:03 +0000 http://www.kahfei.com/?p=149#comment-919 Hi Luis, I am running ruby 1.8.7 as well. But I installed MinGW and MSYS separately and not knowing about Devkit at all at that time. Guess I might have messed up the part to point MSYS correctly to MinGW. Installing thin with Devkit work like a charm! Thanks for the really helpful advise, Luis. :-) Hi Luis,

I am running ruby 1.8.7 as well.
But I installed MinGW and MSYS separately and not knowing about Devkit at all at that time. Guess I might have messed up the part to point MSYS correctly to MinGW.

Installing thin with Devkit work like a charm! Thanks for the really helpful advise, Luis. :-)

]]> Comment on thin on windows by Luis Lavena http://www.kahfei.com/?p=149&cpage=1#comment-915 Luis Lavena Wed, 28 Jul 2010 22:58:52 +0000 http://www.kahfei.com/?p=149#comment-915 Can I ask you what version of Ruby are you using? Installing it with RubyInstaller and the DevKit is pretty straight forward: C:\Users\Luis>ruby -v ruby 1.8.7 (2010-06-23 patchlevel 299) [i386-mingw32] C:\Users\Luis>gem install thin Temporarily enhancing PATH to include DevKit... Building native extensions. This could take a while... Successfully installed rack-1.2.1 Successfully installed eventmachine-0.12.10 Successfully installed daemons-1.1.0 Successfully installed thin-1.2.7-x86-mingw32 4 gems installed You can find installation instructions for the DevKit here: http://wiki.github.com/oneclick/rubyinstaller/development-kit Along with others tutorials about installation here: http://wiki.github.com/oneclick/rubyinstaller/tutorials HTH. Can I ask you what version of Ruby are you using?

Installing it with RubyInstaller and the DevKit is pretty straight forward:

C:\Users\Luis>ruby -v
ruby 1.8.7 (2010-06-23 patchlevel 299) [i386-mingw32]

C:\Users\Luis>gem install thin
Temporarily enhancing PATH to include DevKit…
Building native extensions. This could take a while…
Successfully installed rack-1.2.1
Successfully installed eventmachine-0.12.10
Successfully installed daemons-1.1.0
Successfully installed thin-1.2.7-x86-mingw32
4 gems installed

You can find installation instructions for the DevKit here:

http://wiki.github.com/oneclick/rubyinstaller/development-kit

Along with others tutorials about installation here:

http://wiki.github.com/oneclick/rubyinstaller/tutorials

HTH.

]]>