Leonardo: Thanks for the swift reply. I'm happy to hear this is working for you!

Cheers,
Tim

On Nov 9, 4:25 pm, Leonardo Mateo <[email protected]> wrote:
> On Mon, Nov 9, 2009 at 7:06 PM, Tim Lowrimore <[email protected]> wrote:
>
> > Scenario: An application X, is a PHP app that's been running just
> > fine for quite some time. An application Y is a new Rails app.
> > Specifically, a RESTful service. Y can only be accessed by a user
> > once that user has successfully authenticated against X. Y is
> > accessed immediately following authentication against X. Y has access
> > to X's database.
> >
> > As far as I know, there seems to be no good way to do this, so the
> > best idea I can dream up is to have X generate and store a perishable
> > token for the authenticated user. Since Y is accessed before a user
> > can know the value of the perishable token, the token is passed to Y,
> > where Y then finds the user's record, and matches the perishable
> > token. Pass or fail, the token is immediately removed from the
> > database. If the match is successful, Y creates a session for the
> > user. If the match fails, the user is redirected back to the login
> > screen.
> >
> > Is this total lunacy? Could this work? Is there a better way to do
> > this (i.e. a bit of Rails magic?) WTF?!
>
> Hey Tim, I had a very very similar scenario a few months ago and I
> solved it the way you're describing here.
> My case was a control panel (Rails App) for a quite big PHP
> application (which was planned to be moved to rails, but never
> happened).
> I couldn't find a better way to do it, I mean, it's not the best of
> the architectures, so the solution cannot be completely clean.
> The perishable token works, and seems secure as long as you validate
> correctly on both applications. I think rails' magic has nothing to do
> here since they're two different applications. You can apply rails
> magic on the rails application, but I'm not sure there's something
> else to do for the applications communication and interaction.
>
> Anyway, I don't think this is a bad solution, maybe there's some
> plugin or something that I am not aware of, but I think this approach
> is valid.
>
> Cheers.
> --
> Leonardo Mateo.
> There's no place like ~
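
The handoff discussed in this thread, sketched as an added example (not code from either poster): X issues a single-use token after login, and Y redeems it and removes it pass or fail. The `HandoffStore` class, the in-memory hash standing in for X's shared database, the 60-second lifetime, and storing only a SHA-256 digest are assumptions made for the illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for the users table in X's database that Y can also reach.
class HandoffStore
  TTL = 60 # seconds a token stays redeemable (assumed value)

  def initialize(clock: -> { Time.now.to_i })
    @rows  = {}     # user_id => { digest:, expires_at: }
    @clock = clock  # injectable so expiry can be exercised without sleeping
  end

  # Application X: call right after a successful login, then pass the
  # returned token to Y. Only a digest is stored, so reading the table
  # does not yield a usable token.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[user_id] = { digest: Digest::SHA256.hexdigest(token),
                       expires_at: @clock.call + TTL }
    token
  end

  # Application Y: true means a session may be created. The row is deleted
  # before any comparison, so the token is gone whether the match passes or fails.
  def redeem(user_id, presented)
    row = @rows.delete(user_id)
    return false if row.nil? || presented.to_s.empty?
    return false if @clock.call > row[:expires_at]
    secure_eq(row[:digest], Digest::SHA256.hexdigest(presented.to_s))
  end

  def pending?(user_id)
    @rows.key?(user_id)
  end

  private

  # Comparison that does not stop at the first differing byte.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  store = HandoffStore.new
  token = store.issue(42)                          # constructed user id
  puts "first use:  #{store.redeem(42, token)}"
  puts "second use: #{store.redeem(42, token)}"
end
```

Deleting on failure means a wrong value also cancels the pending handoff, so the user logs in again; that is the trade-off the thread accepts in exchange for leaving no retry window.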

