Flowdock
authenticate_or_request_with_http_digest(realm = "Application", &password_procedure) public

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Show source
Register or log in to add new notes.
June 4, 2009
1 thank

Security hole in 2.3.2

This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.

Rails 2.3.3 should fix the problem.

April 15, 2009
0 thanks

Testing HTTP Digest authentication

Testing HTTP Digest authentication is a bit tricky. I wrote a post describing how to accomplish it.

http://lightyearsoftware.com/blog/2009/04/testing-http-digest-authentication-in-rails/

Note also that Digest auth is broken for REST actions using PUT or DELETE. There is an open Lighthouse ticket for this, #2490:

rails.lighthouseapp.com/projects/8994/tickets/2490-http-digest-auth-uses-wrong-request-method-for-put-delete