On Aug 5, 2007, at 7:42 AM, Hendy Irawan wrote: > To add, shouldn't security/authorization be implemented mostly in the > model?
Depends on the level you have to authorize on. I've never written an application where is was necessary to drop down to model level to ensure people didn't access information they shouldn't access. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
