Ruby on Rails Static Analysis Security Tool

Basic Authentication

In Rails 3.1, a new feature was added to simplify basic authentication.

The example provided in the official Rails Guide looks like this:

class PostsController < ApplicationController

  http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index



This warning will be raised if http_basic_authenticate_with is used and the password is found to be a string (i.e., stored somewhere in the code).

Back to Warning Types