devise-security
SecureHeaders
devise-security | SecureHeaders | |
---|---|---|
4 | 2 | |
576 | 3,133 | |
1.2% | 0.1% | |
6.6 | 4.2 | |
3 months ago | 9 months ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
devise-security
- Beware - Devise 4.9.1 and devise-security gem
-
Best authentication in 2022? Devise, Clearance, OAuth, anything else?
Rodauth is IMO the most feature-complete and the most stable. It ships with "enterprise"-grade features such as single session, session expiration, password expiration, password complexity requirements, disallowing common passwords, and disallowing password reuse (basically what devise-security extension provides).
-
Rails application boilerplate for fast MVP development
add devise-security
-
Devise only allow one session per user at the same time
An alternative implementation.... https://github.com/devise-security/devise-security/blob/master/lib/devise-security/models/session_limitable.rb
SecureHeaders
-
4 Essential Security Tools To Level Up Your Rails Security
The secure_headers gem will automatically apply several headers that are related to security. This includes:
-
Rails application boilerplate for fast MVP development
add secure_headers
What are some alternatives?
graphql_devise - GraphQL interface on top devise_token_auth
Metasploit - Metasploit Framework
Ahoy - Simple, powerful, first-party analytics for Rails
Rack::Protection - NOTE: This project has been merged upstream to sinatra/sinatra
Rack::Attack - Rack middleware for blocking & throttling
BeEF - The Browser Exploitation Framework Project
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Rack::ContentSecurityPolicy
bullet - help to kill N+1 queries and unused eager loading
RbNaCl - Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
dumb-password-rules - A compilation of sites with dumb password rules.
Hashids - A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.