It'd be cool to store the routes with the key being hashed, then the value being encrypted with the original key. This way nothing would be gained by looking at the routes, only when you made use of a route would it expose it (and if you're using an admin_deploy_nukes_path, you'll have probably authenticated them already)
Of course this would require 2 extra libraries but I guess they're pretty small and the amount of data being encrypted/hashed would be small, so pretty quick.
Maybe overkill but might be a nice option?
That looks interesting as an idea. I don't see a way of implementing that without changing an API as you call a route like this:
Routes.user_path(1) // but not like Routes.run(:user_path, 1)
This is kind of a big deal and I don't think that a lot of people will want it even if they are seriously security-concerned.
It could be done in Ruby without changing an API with method_missing, which is not available in JS.
I don't think it'd add any security to your app at all, since your routes would still be exposed anyway. Not only that, but decrypting this file wouldn't be difficult at all, since your legitimate client already does so:
Honestly, I don't see any benefits in it.
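The scheme proposed in the first comment, written out as an added example that is not part of the thread or of the project's code. It assumes Node's built-in `crypto` module, SHA-256 for the hashed key and AES-256-GCM for the value; `buildTable`, `run` and the sample routes are hypothetical names constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample routes for illustration only.
const ROUTES = {
  user_path: '/users/:id',
  admin_deploy_nukes_path: '/admin/nukes/deploy',
};

// Assumption: SHA-256 with distinct prefixes, so the stored lookup hash
// is never the same value as the encryption key derived from the name.
const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
const lookupKey = (name) => sha256('lookup:' + name).toString('hex');
const encKey = (name) => sha256('encrypt:' + name); // 32 bytes for AES-256

// Server side: emit a table whose keys are hashes and whose values are ciphertext.
function buildTable(routes) {
  const table = {};
  for (const [name, pattern] of Object.entries(routes)) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', encKey(name), iv);
    const ct = Buffer.concat([c.update(pattern, 'utf8'), c.final()]);
    table[lookupKey(name)] = {
      iv: iv.toString('hex'),
      ct: ct.toString('hex'),
      tag: c.getAuthTag().toString('hex'),
    };
  }
  return table;
}

// Client side: the route name must be passed as a string, which is the
// API change discussed in the second comment (run(name, ...) vs. user_path(...)).
function run(table, name, params = {}) {
  const entry = table[lookupKey(name)];
  if (!entry) return null; // unknown name: nothing to decrypt
  const d = crypto.createDecipheriv('aes-256-gcm', encKey(name), Buffer.from(entry.iv, 'hex'));
  d.setAuthTag(Buffer.from(entry.tag, 'hex'));
  const pattern = Buffer.concat([d.update(Buffer.from(entry.ct, 'hex')), d.final()]).toString('utf8');
  // Fill in :param placeholders; leave any without a supplied value untouched.
  return pattern.replace(/:(\w+)/g, (m, k) => (k in params ? encodeURIComponent(params[k]) : m));
}
```

The only secret protecting each entry is the route name itself, so every name that appears in the calling client code resolves its entry.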