Railsify!

Security & Protection Plugins

  • There are 8 plugins in this category.

Acts As Secure by Val Aleksenko (muzzy) in Security & Protection and ActiveRecord (Gem Available!)

ActsAsSecure adds the ability to store an ActiveRecord model's fields encrypted in the database. When a model is marked with acts_as_secure, its :binary type fields are treated as fields that must be stored encrypted. The plugin performs encryption and decryption in before_save/after_save/after_find callbacks, which makes it transparent to code that uses secured models. It supports a master-key approach as well as individual per-record encryption keys. It does not include a crypto provider, but lets you plug in any external one as long as it supports encrypt/decrypt methods.

AttrLocked by James Coglan (jcoglan) in Security & Protection, HTML Helpers, and ActiveRecord

AttrLocked is a little Rails plugin that provides extra security for your ActiveRecord models. It lets you specify, at the model level, that certain model attributes should never be allowed to change. Perfect for usernames or financial record-keeping.

Authorization by Bill Katz (DocSavage) in Security & Protection

Adds a flexible mechanism for authorization. It differs from other authorization systems in the following ways: (1) You can specify roles programmatically with model code or use a mixin to keep roles in a database. (2) The plugin uses a clean language for specifying authorization expressions. (3) It can handle roles on instances of a model. (4) Rights are explicitly declared in controller and view code. (5) Different levels of authorization complexity are provided through mixins available with the plugin. If you don't want to use the database for authorization, you mix in a HardwiredRoles module. If you want full database support for roles on model instances, you mix in the ObjectRolesTable module.

Exception Logger by Rick Olson in Security & Protection and Utilities

The Exception Logger (forgive the horrible name) logs your Rails exceptions in the database and provides a funky web interface to manage them.

Safe ERB by Shinya Kasatani (shinya) in Security & Protection

Safe ERB lets you make sure that any string written by “<%= %>” in your rhtml template is escaped correctly. If you try to show the attributes of an ActiveRecord instance read from the database, or the parameters received from the request, without escaping them using the “h” method, an exception will be raised. This significantly reduces the chance of introducing a cross-site scripting vulnerability into your web application.

validates_email_format_of by Alex Dunae (Alex) in Security & Protection, ActiveRecord, and Miscellaneous

Rock-solid validation of e-mail addresses against RFC 2822. Test cases are included.

validates_email_veracity_of by Carsten Nielsen in Security & Protection and ActiveRecord

This makes it really easy to validate e-mail addresses supplied within Rails applications. It can even check the MX records associated with the e-mail address supplied to see if the domain exists and is accepting mail! Basically, if you care about e-mail address validity, it's a must-install.