1
00:00:00,750 --> 00:00:01,660
Hello and welcome.

2
00:00:01,680 --> 00:00:06,980
In this lecture we are going to implement some basic security.

3
00:00:07,020 --> 00:00:12,280
So this is what our blog application looks like at the moment.

4
00:00:12,390 --> 00:00:22,440
If we were to publish this blog online as it is, anyone would be able to add, to edit and delete posts

5
00:00:22,770 --> 00:00:25,080
or even delete the comments.

6
00:00:25,080 --> 00:00:30,170
Luckily for us, Rails provides a very simple

7
00:00:30,180 --> 00:00:40,950
HTTP authentication system that will allow us to prevent some security breaches.

8
00:00:40,950 --> 00:00:45,050
So basically what we need to do: we need to implement,

9
00:00:45,870 --> 00:00:48,660
inside our post controller,

10
00:00:49,110 --> 00:00:54,570
we need to have a way to block access to the various actions

11
00:00:54,750 --> 00:01:02,810
if the person is not authenticated. So we want to implement some kind of security to certain views.

12
00:01:03,180 --> 00:01:04,990
So we'll use the Rails

13
00:01:05,050 --> 00:01:14,230
HTTP underscore basic authentication method, which allows access to the requested action

14
00:01:14,470 --> 00:01:16,610
if that method allows it.

15
00:01:16,600 --> 00:01:19,680
So let's see how we implement that.

16
00:01:19,710 --> 00:01:25,090
So let's open up our post controller, so that controller does open up.

17
00:01:25,100 --> 00:01:30,520
Post, where we want it implemented, just after

18
00:01:31,280 --> 00:01:37,830
this application controller here. We'll just tab down, we'll add the basic

19
00:01:37,850 --> 00:01:43,160
HTTP authentication, so this is how we do it.

20
00:01:43,320 --> 00:01:44,460
Typing here:

21
00:01:44,530 --> 00:01:45,190
H T T

22
00:01:45,230 --> 00:01:51,230
P underscore basic.

23
00:01:53,310 --> 00:01:56,710
Underscore authentication.

24
00:02:03,600 --> 00:02:08,540
Authentication underscore with.

25
00:02:10,410 --> 00:02:12,240
Space.

26
00:02:12,240 --> 00:02:13,090
Name.

27
00:02:14,480 --> 00:02:16,970
They need to specify your name.

28
00:02:18,330 --> 00:02:18,860
Right.

29
00:02:18,860 --> 00:02:22,410
Or has a blue line.

30
00:02:22,900 --> 00:02:25,030
So that's the person.

31
00:02:25,030 --> 00:02:32,260
One of the people with the rights to access, and we need to enter password.

32
00:02:35,510 --> 00:02:36,350
Password.

33
00:02:36,360 --> 00:02:41,980
I'm going to enter is learning.

34
00:02:46,050 --> 00:02:51,060
Next we need to do a comma and then

35
00:02:51,110 --> 00:02:55,150
except. I will explain what that means in a minute.

36
00:02:57,520 --> 00:02:59,860
Then a colon.

37
00:03:01,920 --> 00:03:09,930
Square brackets. Inside the square brackets we'll pass in some values: colon index.

38
00:03:10,590 --> 00:03:13,420
Comma space.

39
00:03:13,590 --> 00:03:14,670
Colon.

40
00:03:16,650 --> 00:03:18,320
Show.

41
00:03:19,310 --> 00:03:30,530
So basically what this authentication here is saying is that we want the user to be authenticated

42
00:03:31,100 --> 00:03:33,490
on every action

43
00:03:33,830 --> 00:03:39,700
inside this controller except for the index and the show.

44
00:03:40,310 --> 00:03:48,530
So anyone visiting from the outside world, apart from those who have got authentication rights,

45
00:03:48,620 --> 00:03:56,140
the only view they can see is the index, which is the home page, and the show page.

46
00:03:56,260 --> 00:03:56,630
All right.

47
00:03:56,640 --> 00:03:57,620
That's what that means.

48
00:03:57,680 --> 00:04:05,690
Every other action within this controller, they will need to enter their name and their password before

49
00:04:05,720 --> 00:04:09,770
they can be authenticated to access the page.

50
00:04:09,950 --> 00:04:14,440
We want to do the same with the comments controller.

51
00:04:14,720 --> 00:04:22,080
We don't want anyone to be able to just delete comments, so we need to click on the comments controller.

52
00:04:22,310 --> 00:04:23,980
I said you need to do the same thing.

53
00:04:23,990 --> 00:04:33,720
So all I need to do is just copy the authentication from the post and come here and just paste that

54
00:04:33,730 --> 00:04:39,360
in and just change one or two things.

55
00:04:39,380 --> 00:04:44,490
So basically what you want to specify inside the comments controller:

56
00:04:44,840 --> 00:04:52,860
we only want authenticated users to be able to delete comments.

57
00:04:53,240 --> 00:05:01,490
So again we set the password, and we're not going to use except; we are just going to replace the word

58
00:05:01,520 --> 00:05:12,320
except with only. I'm typing only; we get rid of that because the only action we care about is

59
00:05:12,320 --> 00:05:13,550
the destroy.

60
00:05:13,930 --> 00:05:21,460
We do space, colon destroy; this is the

61
00:05:22,330 --> 00:05:29,650
action that's responsible for deleting the comments that we've seen here. Only those who have authentication

62
00:05:30,220 --> 00:05:35,440
can delete any comment. So if you don't have authentication,

63
00:05:35,450 --> 00:05:43,510
you will not be able to delete any comment. Actually what we can do: we can wrap this around a square bracket

64
00:05:45,190 --> 00:05:48,720
and just close that, closing square bracket.

65
00:05:50,620 --> 00:05:55,950
And we take that colon, that inside

66
00:05:57,470 --> 00:05:59,600
the square bracket.

67
00:05:59,600 --> 00:06:08,970
And just do a fast save all, and that's sorted. So let's test it to see if the authentication works.

68
00:06:09,110 --> 00:06:10,720
So right click.

69
00:06:12,580 --> 00:06:18,400
Okay, we get it to refresh. Before we test,

70
00:06:18,400 --> 00:06:23,250
I just want to go through the code, just so I have everything right.

71
00:06:23,280 --> 00:06:24,050
Oh.

72
00:06:24,250 --> 00:06:25,510
I had to change this.

73
00:06:25,510 --> 00:06:27,840
This was HTTP underscore

74
00:06:27,840 --> 00:06:30,260
basic; I had it spelled authentication.

75
00:06:30,280 --> 00:06:36,140
It should be authenticate. So make sure you've got it exactly as I have it.

76
00:06:36,160 --> 00:06:38,280
Now you may run into some problems.

77
00:06:38,290 --> 00:06:42,720
This should be authenticate, not authentication.

78
00:06:42,820 --> 00:06:47,470
This is the post controller. If I go to the comments controller, the same thing here.

79
00:06:47,500 --> 00:06:53,230
It should be authenticate. Go on and save that, and let's test it.

80
00:06:53,230 --> 00:06:55,750
Make sure the authentication works.

81
00:06:55,810 --> 00:06:57,810
So now I'm going to go to the home.

82
00:06:57,840 --> 00:07:04,700
I'm on tap, so I want to try and create a post, because if I haven't got authentication,

83
00:07:05,050 --> 00:07:05,950
it will not let me.

84
00:07:05,950 --> 00:07:10,550
So the only thing everyone can view is the home page and the show.

85
00:07:10,580 --> 00:07:16,830
So if I click create I should get a prompt, so I can see the basic authentication is working.

86
00:07:16,960 --> 00:07:24,190
If I see a login, it would tell me it has requested username and password. So let me type my username in.

87
00:07:26,500 --> 00:07:28,100
Password.

88
00:07:32,320 --> 00:07:35,590
And click log in, because it does log me in now.

89
00:07:35,590 --> 00:07:37,740
So now it's going to let me post.

90
00:07:37,790 --> 00:07:38,040
I'll

91
00:07:38,040 --> 00:07:39,860
just say:

92
00:07:40,860 --> 00:07:42,340
Hello world.

93
00:07:47,030 --> 00:07:51,810
Show me the money.

94
00:07:53,190 --> 00:07:54,590
Then save post.

95
00:07:55,440 --> 00:07:57,740
Excellence for gluten.

96
00:07:57,750 --> 00:07:58,350
Wow.

97
00:07:58,680 --> 00:07:59,830
I go home.

98
00:08:02,320 --> 00:08:04,140
Let's scroll down to see the post

99
00:08:04,180 --> 00:08:06,740
I have just added on.

100
00:08:07,060 --> 00:08:08,720
That's the post I've just added.

101
00:08:08,740 --> 00:08:15,750
I should be able to go to it and click delete because I'm already logged in.

102
00:08:16,060 --> 00:08:22,920
So excellent. So the basic security is in place and it is working as designed.

103
00:08:23,020 --> 00:08:30,730
So this is your basic security. Obviously if you're going to publish online you need to, you know, implement

104
00:08:30,820 --> 00:08:33,440
a more robust security.

105
00:08:33,460 --> 00:08:36,520
This is just a training environment.

106
00:08:36,550 --> 00:08:37,240
So that's it.

107
00:08:37,240 --> 00:08:47,130
This concludes this project, so you can play around and also take and enhance this project whichever way

108
00:08:47,140 --> 00:08:49,220
you like. You can expand it.

109
00:08:49,600 --> 00:08:57,520
You can add some more strobe more styling to make it look more pretty, and you can create related projects.

110
00:08:57,520 --> 00:09:01,210
Once you understand the concepts from this project,

111
00:09:01,210 --> 00:09:08,100
you should have the skills to be more creative and develop similar projects.

112
00:09:08,170 --> 00:09:09,760
So many thanks for watching.

113
00:09:09,760 --> 00:09:11,200
Thank you so much for your time.

114
00:09:11,200 --> 00:09:17,500
Throughout the course I have enjoyed doing it for you and I hope you benefit from it truly.

115
00:09:17,800 --> 00:09:19,920
Take care and all the best wishes always.

116
00:09:19,930 --> 00:09:20,890
Bye for now.