Plain text passwords in Ruby on Rails using Restful_Authentication

Tags: authentication, rest, ruby, ruby-on-rails

If I use restful_authentication in my Ruby on Rails app, are passwords transferred between the browser and the server in plaintext? And if so, how worried should I be about it?

Best Solution

Well, you need to be worried if you are not hosting it over HTTPS... because if it is straight HTTP, then yes it is being passed in plaintext.

I don't know Rails specifically, but I'm pretty sure it has nothing to do with whether you host it via HTTP or HTTPS.

Edit: I found this link which apparently provides an example Rails app over HTTPS.

Further Edit: Here is another link discussing HTTPS with Rails.
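As an added illustration of the point in the answer above (not code from the answer or from restful_authentication), here is a Rack-style middleware in plain Ruby that redirects plain-HTTP requests to HTTPS and refuses password submissions that arrive unencrypted. The class name, the `/session` and `/users` paths, the `app.example.test` host and the stand-in app are assumptions made for the example.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems required to run).
class RequireHttps
  # Assumed routes that receive a password in the request body.
  CREDENTIAL_PATHS = %w[/session /users].freeze

  def initialize(app, host:, trust_proxy: false, credential_paths: CREDENTIAL_PATHS)
    @app = app
    @host = host                 # canonical host, so redirects never echo the Host header
    @trust_proxy = trust_proxy   # enable only behind a TLS-terminating proxy you control
    @credential_paths = credential_paths
  end

  def call(env)
    return @app.call(env) if secure?(env)

    if credential_post?(env)
      # The password already crossed the network in cleartext. Refuse it instead
      # of redirecting, so no session is created from an exposed credential.
      return [403, { 'Content-Type' => 'text/plain' }, ["Submit credentials over HTTPS only\n"]]
    end

    [301, { 'Location' => https_url(env), 'Content-Type' => 'text/plain' }, ["Use HTTPS\n"]]
  end

  private

  def secure?(env)
    return true if env['rack.url_scheme'] == 'https'

    # X-Forwarded-Proto is client-controlled unless a trusted proxy sets it.
    @trust_proxy && env['HTTP_X_FORWARDED_PROTO'] == 'https'
  end

  def credential_post?(env)
    env['REQUEST_METHOD'] == 'POST' && @credential_paths.include?(env['PATH_INFO'])
  end

  def https_url(env)
    url = "https://#{@host}#{env['PATH_INFO']}"
    query = env['QUERY_STRING'].to_s
    query.empty? ? url : "#{url}?#{query}"
  end
end

# Constructed stand-in for the Rails application.
APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
GUARD = RequireHttps.new(APP, host: 'app.example.test')
```

A redirect only protects later requests, which is why the login form itself must also be served over HTTPS; newer Rails versions provide `config.force_ssl = true` for the redirect part.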