Change .h1, .h2, .h3 to #, ## and ### for correct rendering in github

commit d8dd366d0fb8068bcd853789024a82f91c051dd2 1 parent a2c3507
@Dorian Dorian authored
Showing with 21 additions and 21 deletions.
  1. +8 −8 CHANGELOG
  2. +12 −12 README.textile
  3. +1 −1  TODO
16 CHANGELOG
@@ -1,10 +1,10 @@
-h1. Internal Changes to code
+# Internal Changes to code
As always, this is just a copy-and-pasted version of the CHANGELOG file in the source code tree.
-h2. Changes for the May, 2008 version of restful-authentication
+## Changes for the May, 2008 version of restful-authentication
-h3. Changes to user model
+### Changes to user model
* recently_activated? belongs only if stateful
* Gave migration a 40-char limit on remember_token & an index on users by login
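Review bot: CHANGELOG has no file extension, so replacing the h1./h2./h3. markers with #, ## and ### in this hunk does not by itself make GitHub render these lines as headings, because the renderer is chosen from the file name. Rename the file to CHANGELOG.markdown in the same commit (TODO, which gets the same marker change, likewise), otherwise it stays plain text that merely looks like Markdown.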
@@ -13,7 +13,7 @@ h3. Changes to user model
* password in 6, 40
* salt and remember_token now much less predictability
-h3. Changes to session_controller
+### Changes to session_controller
* use uniform logout function
* use uniform remember_cookie functions
@@ -26,7 +26,7 @@ h3. Changes to session_controller
* recycle login and remember_me setting on failed login
* nil'ed out the password field in 'new' view
-h3. Changes to users_controller
+### Changes to users_controller
* use uniform logout function
* use uniform remember_cookie functions
@@ -37,13 +37,13 @@ h3. Changes to users_controller
* On a failed signup, kick you back to the signin screen (but strip out the password & confirmation)
* more descriptive error messages in activate()
-h3. users_helper
+### users_helper
* link_to_user, link_to_current_user, link_to_signin_with_IP
* if_authorized(action, resource, &block) view function (with appropriate
warning)
-h3. authenticated_system
+### authenticated_system
* Made authorized? take optional arguments action=nil, resource=nil, *args
This makes its signature better match traditional approaches to access control
@@ -56,7 +56,7 @@ h3. authenticated_system
"best":http://palisade.plynt.com/issues/2004Jul/safe-auth-practices/
"practice":http://www.owasp.org/index.php/Session_Management#Regeneration_of_Session_Tokens
-h3. Other
+### Other
* Used escapes <%= %> in email templates (among other reasons, so courtenay's
"'dumbass' test":http://tinyurl.com/684g9t doesn't complain)
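Review bot: the context lines of this hunk still carry Textile links ("best":http://..., "practice":http://..., "'dumbass' test":http://tinyurl.com/684g9t) directly around the new "### Other" Markdown heading, so the file ends up with two markup languages mixed together. If Markdown is the target, convert these to [text](url) form in the same change so the security references stay clickable once the file is rendered.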
24 README.textile
@@ -1,4 +1,4 @@
-h1. "Restful Authentication Generator":http://github.com/technoweenie/restful-authentication
+# "Restful Authentication Generator":http://github.com/technoweenie/restful-authentication
This widely-used plugin provides a foundation for securely managing user
authentication:
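Review bot: the file is still named README.textile, and in Textile a line that starts with "# " is an ordered-list item, so the new first line would render as list item 1 rather than as the page title (## and ### become nested list levels). Either keep h1./h2./h3. in this file, or rename it to README.markdown and convert the "text":url links, such as the one in the title line, to Markdown in the same commit.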
@@ -18,7 +18,7 @@ Several features were updated in May, 2008.
***************************************************************************
-h2. Issue Tracker
+## Issue Tracker
Please submit any bugs or annoyances on the lighthouse tracker at
* "http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview":http://rails_security.lighthouseapp.com/projects/15332-restful_authentication/overview
@@ -29,7 +29,7 @@ For anything simple enough, please github message both maintainers: Rick Olson
***************************************************************************
-h2. Documentation
+## Documentation
This page has notes on
* "Installation":#INSTALL
@@ -58,22 +58,22 @@ from there.
***************************************************************************
<a id="AWESOME"/> </a>
-h2. Exciting new features
+## Exciting new features
-h3. Stories
+### Stories
There are now "Cucumber":http://wiki.github.com/aslakhellesoy/cucumber/home features that allow expressive, enjoyable tests for the
authentication code. The flexible code for resource testing in stories was
extended from "Ben Mabey's.":http://www.benmabey.com/2008/02/04/rspec-plain-text-stories-webrat-chunky-bacon/
-h3. Modularize to match security design patterns:
+### Modularize to match security design patterns:
* Authentication (currently: password, browser cookie token, HTTP basic)
* Trust metric (email validation)
* Authorization (stateful roles)
* Leave a flexible framework that will play nicely with other access control / policy definition / trust metric plugins
-h3. Other
+### Other
* Added a few helper methods for linking to user pages
* Uniform handling of logout, remember_token
@@ -82,7 +82,7 @@ h3. Other
***************************************************************************
-h2. Non-backwards compatible Changes
+## Non-backwards compatible Changes
Here are a few changes in the May 2008 release that increase "Defense in Depth"
but may require changes to existing accounts
@@ -92,21 +92,21 @@ but may require changes to existing accounts
* If you are generating for a new site, all of these changes are low-impact.
You should apply them.
-h3. Passwords
+### Passwords
The new password encryption (using a site key salt and stretching) will break
existing user accounts' passwords. We recommend you use the --old-passwords
option or write a migration tool and submit it as a patch. See the
[[Tradeoffs]] note for more information.
-h3. Validations
+### Validations
By default, email and usernames are validated against a somewhat strict pattern; your users' values may be now illegal. Adjust to suit.
***************************************************************************
<a id="INSTALL"/> </a>
-h2. Installation
+## Installation
This is a basic restful authentication generator for rails, taken from
acts as authenticated. Currently it requires Rails 1.2.6 or above.
@@ -161,7 +161,7 @@ To use the generator:
***************************************************************************
<a id="POST-INSTALL"/> </a>
-h2. After installing
+## After installing
The below assumes a Model named 'User' and a Controller named 'Session'; please
alter to suit. There are additional security minutae in @notes/README-Tradeoffs@
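Review bot: "@notes/README-Tradeoffs@" in the context under the new "## After installing" heading is Textile inline-code markup and is left unconverted, so a Markdown renderer would show the @ signs literally. If the file is moving to Markdown, change it to backtick-quoted form in the same commit; "minutae" on that line could be corrected to "minutiae" while it is being touched.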
2  TODO
@@ -1,5 +1,5 @@
-h3. Authentication security projects for a later date
+### Authentication security projects for a later date
* Track 'failed logins this hour' and demand a captcha after say 5 failed logins

0 comments on commit d8dd366
