On 3 May 2006, at 17:45, James Adam wrote:

> There is no 'rails official' way of authenticating, or storing
> passwords, as this is logic specific to your application. Maybe hashed
> passwords aren't important? It's quite possible.

I'm currently playing with the idea of building a load of tools to make a Rails application OWASP compliant out of the box, and then try talking the Rails core into making it 'standard'. This stuff is so standard, there is no reason why we shouldn't be making it as standard-orientated as connecting to a database, and then give hooks for legacy authentication.

> The login engine isn't meant to be mashed into other applications
> which make their own assumptions about some kind of user model. It
> does try to be flexible where it can, but to some extent it's like
> asking a spanner to be a hammer. It's going to get ugly.

I've been able to get it to do some pretty weird stuff, but I agree it looks horrendous. My code is *ugly*, which isn't nice.

> I'd recommend that you pick one of these systems (login engine, or
> opinion) and then add whatever is missing from the other, within your
> application.

Alternatively, perhaps login_engine could have a webservices interface, and then opinion (and others) could talk to it via that? I'm happy to look at putting some code up for that...

--
Paul Robinson
