On my current project we are hosting our Rails application on Heroku. While this is great in allowing our client to see changes almost immediately, it also means we have a public site which could in theory be accessed by anyone with the correct URL. To alleviate any concerns around this we decided to simply add basic HTTP authentication to the site as a temporary stopgap.
This is really easy to do in Rails – here I’m enabling it only on production (so I don’t have to type in any username or password in development).
Easy! Happy coding.