Security Plugins

Acts as Authenticated
Acts As Authenticated is a simple authentication generator plugin for Ruby on Rails.
Rating: 3/5 (237 votes)
Added on 14 Apr 2006
Security extensions
A set of filters and tests to help protect from CSRF vulnerabilities. At the core are two useful abstractions: verify_form_posts_have_security_token and secure_form_tag.
Rating: 4/5 (2 votes)
Added on 14 Apr 2006
Sentry
Wrapper around undocumented OpenSSL functions, providing symmetric and asymmetric encryption for active record attributes.
Rating: 2/5 (1 vote)
Added on 14 Apr 2006
Authorization
Uses a simple authorization DSL that delegates checks to models, including the current user. Different levels of authorization complexity are provided through mixins available with the plugin.
Rating: 4/5 (22 votes)
Added on 18 May 2006
Simple HTTP Auth
A quick, clean way of adding HTTP authorization to your Rails application. No need for complicated backends, gigantic user models, or other unneeded complexity. Just you, a password prompt, and whether or not someone should be allowed in.
Rating: 3/5 (14 votes)
Added on 23 May 2006
ActiveRBAC
ActiveRBAC is a library for Ruby on Rails that provides a full stack for managing users and permissions.
Rating: 4/5 (10 votes)
Added on 25 May 2006
HTPasswd
This plugin allows controllers to use HTTP Basic and Digest access authentication.
Rating: 3/5 (11 votes)
Added on 29 May 2006
OpenID Consumer
Allows you to use OpenID authentication and profile exchange.
Rating: 4/5 (7 votes)
Added on 10 Jun 2006
dnsbl_check
dnsbl_check is a Rails plugin that checks every incoming request to see if the client is listed on a DNS Blackhole List. This helps prevent abuse from spammers/crackers.
Rating: 4/5 (8 votes)
Added on 18 Jun 2006
Safe ERB
Safe ERB checks whether the string written by “<%= %>” in your rhtml template is escaped correctly and raises an error if it is not, which will significantly reduce the possibility of introducing a cross-site scripting vulnerability into your web application.
Rating: 4/5 (7 votes)
Added on 17 Jul 2006
CAS Authentication Filter
Enables authentication against a Centralized Authentication Service (CAS) server.
Rating: 5/5 (3 votes)
Added on 19 Jul 2006
Assert Request
The assert_request plugin provides an easy way to make sure that your Rails actions are only called with the method, protocol, and parameters that you expect. This can save a considerable amount of error-checking code, uncover hidden bugs, and prevent security holes.
Rating: 5/5 (30 votes)
Added on 26 Jul 2006
Simple Access Control
Define access rule conditionals as filters on actions, controller logic, or in views. This plugin fixes the problems of its ancestor, acl_system2, and is a good bed-fellow with Acts As Authenticated.
Rating: 4/5 (8 votes)
Added on 28 Jul 2006
Authenticated Cookie
Not quite a plugin. It builds on AAA without making a mess of your vendor/plugins. Get closer to sessionless, stateless design!
Rating: 3/5 (3 votes)
Added on 29 Jul 2006
Restful Authentication
Add authentication in a RESTful way.
Rating: 4/5 (241 votes)
Added on 22 Aug 2006
secure-action-plugin
Rails plugin for preventing assumed-logged-in attacks.
Rating: 5/5 (4 votes)
Added on 28 Aug 2006
BrainBuster
A logic captcha for Rails. Use simple logic questions instead of images for a friendlier, accessible anti spam solution.
Rating: 4/5 (6 votes)
Added on 10 Oct 2006
acts_as_google_account
Authenticates users against the Google Authentication API.
Rating: 3/5 (9 votes)
Added on 17 Oct 2006
Form Spam Protection :)
Tired of form spam but don't like the idea of Captcha or an ineffective RBL? This plugin transparently protects your forms, and all the user needs is JavaScript enabled.
Rating: 5/5 (13 votes)
Added on 25 Oct 2006
ActiveAcl rails authorization system
ActiveAcl provides a high-performance, unintrusive and very flexible approach to fine grained access control.
Rating: 3/5 (20 votes)
Added on 15 Nov 2006
Simple Captcha
A full-fledged captcha implementation with random images. SimpleCaptcha is the simplest and a robust captcha plugin for Ruby on Rails applications. Its implementation requires adding a single line in views and in controllers/models. SimpleCaptcha can be used with Rails 2.0 or above, and it also provides backward compatibility with previous versions of Rails. Read here (http://expressica.com/simple_captcha) for more details on implementation, usage and examples.
Rating: 4/5 (56 votes)
Added on 7 Feb 2007
Safety Net
Safety Net prevents Rake and TestUnit from deleting the test database if it has the same name as the development or production database.
Rating: 5/5 (1 vote)
Added on 9 Feb 2007
Open Id Authentication
Easily add OpenID authentication to your app.
Rating: 4/5 (46 votes)
Added on 27 Feb 2007
CSRF Killer
This plugin helps protect against possible CSRF attacks.
Rating: 5/5 (1 vote)
Added on 7 Mar 2007
access_control
User authentication and authorization. Secure your controllers with ease.
Rating: 4/5 (11 votes)
Added on 12 Mar 2007
Authenticate As Remote User
Provides a simple interface to various Apache authentication systems to allow your Rails application to find out the currently logged in user.
Rating: 0/5 (0 votes)
Added on 22 Mar 2007
ReCAPTCHA
This plugin adds helpers for the ReCAPTCHA API.
Rating: 5/5 (35 votes)
Added on 26 May 2007
AttrLocked
Adds the ability to prevent changes to model attributes - perfect for fixing usernames or making sure no-one tampers with your financial records.
Rating: 5/5 (1 vote)
Added on 8 Jun 2007
CipherMail
CipherMail is a safe way to have mailto: style functionality without divulging email addresses to e-mail harvesting spam-bots.
Rating: 5/5 (16 votes)
Added on 23 Jul 2007
RoleRequirement
Role-based security for acts_as_authenticated, without the mess.
Rating: 4/5 (11 votes)
Added on 23 Jul 2007
Phonemic Passwords
Used to create random passwords that are somewhat memorable for people. Uses random phonemes along with some knowledge of vowels, consonants, diphthongs and whether they should not come first or last in an English word.
Rating: 3/5 (2 votes)
Added on 3 Aug 2007
Super Simple Authentication
Simple password-based authentication for your controllers (and views).
Rating: 4/5 (3 votes)
Added on 23 Aug 2007
Signed params
Cryptographically signs the parameters of a URL so that the URL cannot be tampered with on the client.
Rating: 5/5 (4 votes)
Added on 9 Sep 2007
acts_as_authentable
Authentication plugin based on restful_authentication and bcrypt-ruby.
Rating: 4/5 (2 votes)
Added on 17 Sep 2007
Crumblr
Crumblr is a Ruby on Rails plugin to protect against Cross-Site Request Forgery.
Rating: 5/5 (2 votes)
Added on 16 Nov 2007
SanitizeParams
SanitizeParams is a small XSS filter plugin.
Rating: 5/5 (4 votes)
Added on 27 Nov 2007
base-auth
Best Authorization System Ever
Rating: 5/5 (47 votes)
Added on 7 Dec 2007
ACL System2 Ownership
This plugin adds ownership functionality to the ACL System2 plugin by Ezra Zygmuntowicz.
Rating: 4/5 (2 votes)
Added on 9 Jan 2008
authentication
Provides a pluggable model-level authentication system with out of the box support for a salted hash authentication and simple token authentication.
Rating: 0/5 (0 votes)
Added on 9 Jan 2008
Access
Allows developers to execute or not execute a given code block depending on a set of conditions, written in an intuitive manner. Especially useful within view templates, where it can eliminate the need for multiple if ... else ... statements.
Rating: 4/5 (8 votes)
Added on 23 Jan 2008
xss_terminate
xss_terminate is a plugin that makes stripping and sanitizing HTML stupid-simple.
Rating: 5/5 (3 votes)
Added on 29 Jan 2008
Encrypted Cookie Store
Makes it easy to encrypt the data of the default cookie session store.
Rating: 0/5 (0 votes)
Added on 4 Feb 2008
RESTful_ACL
A Ruby on Rails plugin that provides fine grained access control to RESTful resources in a Ruby on Rails 2.0+ project.
Rating: 5/5 (3 votes)
Added on 20 Mar 2008