Users Drop Down Menu

5 views
Skip to first unread message

Deniz Rende

unread,
Mar 9, 2010, 6:13:56 PM3/9/10
to hobo...@googlegroups.com
Hi Folks,


I just realized something that when I create a bunch of users, they are all available at User changer drop down next to Login with Hobo. If I were to connect to my application remotely (not using localhost), the drop down still shows the available users. So basically anybody can login by changing the user name to somebody else. Is there any way to prevent that, maybe just show the Guest account or the account of the person just logged in?

Thanks.



--
Deniz Rende
E-mail: deniz...@gmail.com
Phone: +1 (224) 789-UNIX (8649)
Mobile: +1 (816) 213-2139
Web: http://www.deniz-rende.com/blog

Matt Jones

unread,
Mar 9, 2010, 6:21:00 PM3/9/10
to hobo...@googlegroups.com

On Mar 9, 2010, at 6:13 PM, Deniz Rende wrote:

> Hi Folks,
>
>
> I just realized something that when I create a bunch of users, they
> are all available at User changer drop down next to Login with Hobo.
> If I were to connect to my application remotely (not using
> localhost), the drop down still shows the available users. So
> basically anybody can login by changing the user name to somebody
> else. Is there any way to prevent that, maybe just show the Guest
> account or the account of the person just logged in?
>

Unless you've changed something (unlikely) that dropdown only appears
while the app is in development mode. So any real install of the app
won't show it - even the controller action it connects to won't exist
in production mode.

--Matt Jones

Deniz Rende

unread,
Mar 9, 2010, 6:26:40 PM3/9/10
to hobo...@googlegroups.com
ok, great so how do I change to production mode? do I need to play with config/database.yml?



--
You received this message because you are subscribed to the Google Groups "Hobo Users" group.
To post to this group, send email to hobo...@googlegroups.com.
To unsubscribe from this group, send email to hobousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.

Matt Jones

unread,
Mar 9, 2010, 6:32:59 PM3/9/10
to hobo...@googlegroups.com

On Mar 9, 2010, at 6:26 PM, Deniz Rende wrote:

> ok, great so how do I change to production mode? do I need to play
> with config/database.yml?

That's dependent on exactly how you're deploying your app. Passenger
will run apps in production mode by default; other methods (mongrel,
fcgi) may need to set RAILS_ENV explicitly.

For a quick preview on your development machine, you can do:

RAILS_ENV=production rake db:schema:load
RAILS_ENV=production script/server

(assuming the production settings in config/database.yml are sensible).

Note that this isn't a Hobo-specific issue, so searching for "switch
Rails to production mode" should yield plenty of useful information.

--Matt Jones

Deniz Rende

unread,
Mar 9, 2010, 6:52:54 PM3/9/10
to hobo...@googlegroups.com

For a quick preview on your development machine, you can do:

RAILS_ENV=production rake db:schema:load
RAILS_ENV=production script/server

That seems to be working... I am using mongrel right now for the development. 
Thanks a lot....
 


--Matt Jones

--
You received this message because you are subscribed to the Google Groups "Hobo Users" group.
To post to this group, send email to hobo...@googlegroups.com.
To unsubscribe from this group, send email to hobousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.

Reply all
Reply to author
Forward
0 new messages