Getting Started with Rails guide: authentication question


I beleive there might be a conceptual error in the Security chapter

The code explains you have to add the following line in the
http_basic_authenticate_with :name => "dhh", :password =>
"secret", :except => :index

However, I beleive the readers of that blog also want to access the
PostControllers' show action. How would the otherwise be able to add
comments to the blog.

This is where I'm stumped. I can't find out how to add two exceptions
to the authentication options. Can anyone help me with this?

Untested, but should work:

http_basic_authenticate_with :name => "dhh", :password => "secret",
:except => [:index,:show]


Facepalm => doh!

Thank you. An array of course. I still think the tutorial should be
modified to reflect this, no?


Actually when I looked at it, it was worse than you represented. The text just above this said,

"To use the authentication system, we specify it at the top of our

+PostsController+, in this case, we want the user to be authenticated on every

action, except for +index+ and +show+, so we write that:"

So clearly the example should be

http_basic_authenticate_with :name => “dhh”, :password => “secret”, :except => [:index, :show]


I'm not sure how long these changes take to go into effect, and if
it's in the process I certainly don't mean to nag about it, however I
wanted to put in that the guide still shows the incorrect code sample.
Thanks for the information on how it's supposed to be, though!