dbalatero-signed_request

1.0.2
Rubygems

Version published: 10 years ago

Maintainers: 1

Created: 10 years ago

Source

= signed_request

A simple 25-line gem for signing/verifying an HTTP request that has gone over the wire.

The sender and receiver must share the same secret key between them.

This gem should be used in conjunction with SSL certificates to defend against replay attacks.

Any key can be used to sign the request -- choosing a secure key is the choice of the user of this library.

== Signing a request

require 'signed_request'

def send_over_the_wire key = 'mykey' # insecure, use something else :) params = { 'param1' => 'foo', 'param2' => 'bar' } signature = SignedRequest.sign(params, key)

params['signature'] = signature

# post it to the receiver.
req = Net::HTTP::Get.new('/secret/url')
req.form_data = params
http = Net::HTTP.new('mydomain.com', 443)
http.use_ssl = true
response = http.start do |session|
  session.request(req)
end

# do something w/ response

end

== Verifying a signed request

require 'signed_request'

class SecretController < ApplicationController def verify_request key = 'mykey'

  if SignedRequest.verified(params, key)
    # we are good
  else
    abort "get the hell out of here!"
  end
end

end

== Copyright

FAQs

What is dbalatero-signed_request?

Is dbalatero-signed_request well maintained?

Package last updated on 11 Aug 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

dbalatero-signed_request

Related posts

Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets

NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates