Re: [goliath] Digest for goliath-io@googlegroups.com - 1 Message in 1 Topic

Jinpu Hu

Mar 31, 2012, 6:37:09 AM
to golia...@googlegroups.com
Great job!

I choose to use Rails for normal app dev, Goliath for data mashup. So I can use Devise's full functionality, and get non-blocking I/O at special points.

On Sat, Mar 31, 2012 at 5:44 PM, <golia...@googlegroups.com> wrote:

Group: http://groups.google.com/group/goliath-io/topics

    Eric Marden <eric....@gmail.com> Mar 30 12:38PM -0500  

    We ended up implementing a simple token system that is sent as a param (header or request). The token links to and validates the account. We pair that with other values as necessary to increase the security, even though it's not super super secure. We needed to do something lightweight since our main API client is a Backbone.js-powered app. There's a bit more to it, but it is not quite OAuth.
     
    I also wrote a little HMAC signature middleware for Goliath, which 'fingerprints' the request by hashing the request (method, URL, params, etc.) in a particular way. That would have been more secure than our simple token method, but there wasn't an easy way to keep the private key/salt value secret with a JS-heavy app. I'll try to clean that up and put it on GitHub this weekend, if you'd like to check it out.
     
    With all that said, if/when we officially make our API public, we will likely fully implement OAuth instead.
     
    --
    Eric Marden
    http://ericmarden.com
     
     
    On Wednesday, March 28, 2012 at 10:14 AM, Ilya Grigorik wrote:
     

     

--
Blog
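
An added example, not part of the thread and not Eric Marden's middleware: one way the HMAC request "fingerprint" mentioned in the quoted digest could be computed and checked in Ruby. The canonical-string layout, the timestamp field, the 300-second window and every name below are assumptions made for illustration.

```ruby
require 'openssl'
require 'uri'

# Added illustration; layout and names are assumptions, not the thread's code.
module RequestSignature
  MAX_SKEW = 300 # seconds a signed request stays acceptable (assumed value)

  # String that gets fingerprinted: method, path, sorted params, timestamp.
  # Sorting makes the result independent of parameter order.
  def self.canonical(method, path, params, timestamp)
    pairs = params.map { |k, v| [k.to_s, v.to_s] }.sort
    [method.to_s.upcase, path, URI.encode_www_form(pairs), timestamp.to_i].join("\n")
  end

  # Hex HMAC-SHA256 over the canonical string. Client and server both need
  # `secret`, which is why it cannot be hidden inside a browser-side app.
  def self.sign(secret, method, path, params, timestamp)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret,
                            canonical(method, path, params, timestamp))
  end

  # Compare without stopping at the first differing byte.
  def self.secure_compare(a, b)
    return false unless b.is_a?(String) && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Server side: returns :ok, :stale or :bad_signature.
  def self.verify(secret, method, path, params, timestamp, signature, now: Time.now.to_i)
    return :stale if (now - timestamp.to_i).abs > MAX_SKEW
    expected = sign(secret, method, path, params, timestamp)
    secure_compare(expected, signature) ? :ok : :bad_signature
  end
end

# Constructed sample request (not taken from the thread).
if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-demo-secret'
  ts     = 1_333_000_000
  params = { 'account' => '42', 'limit' => '10' }
  sig    = RequestSignature.sign(secret, 'GET', '/v1/items', params, ts)
  puts RequestSignature.verify(secret, 'GET', '/v1/items', params, ts, sig, now: ts + 5)
  puts RequestSignature.verify(secret, 'GET', '/v1/items', params.merge('limit' => '999'), ts, sig, now: ts + 5)
end
```

The timestamp is part of the signed string, so a captured request cannot be replayed outside the window or have its timestamp changed without invalidating the signature.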