On Tue, May 7, 2013 at 2:06 PM, Linus Pettersson <[email protected]> wrote: > Absolutely, that's a valid argument. However, if you need to do some > customizations and start monkey patching a gem you may open it up for > vulnerabilities as well, right? Plus, it would make your code messy when you > have some code in your project and some in the gem. > > But sure, it is convient to have everything done and tested for you in gems > like Devise. > > Any other thoughts on this subject? > > > > Den tisdagen den 7:e maj 2013 kl. 03:56:33 UTC+2 skrev tamouse: >> >> On Mon, May 6, 2013 at 12:38 PM, Linus Pettersson >> <[email protected]> wrote: >> > Hi! >> > >> > I watched this video the other day: http://vimeo.com/39498553 >> > where they argue that it may be a better idea to roll your own >> > authentication solution using has_secure_password instead of using, for >> > instance, Devise. >> > >> > I started a new project using Rails 4 today and need authentication. I'm >> > thinking about creating my own using has_secure_password for learning >> > purposes and also to make it more customizable (not sure what I actually >> > need yet). >> > >> > Anyway, what are your thoughts on this subject? Do you usually use gems >> > like >> > Devise or just use your own solutions? >> >> Authentication and authorization are often vital functions; rolling my >> own would be interesting as an exercise, but I would rather rely on >> something that has seen thousands of uses across as many projects and >> eyes. Implementing my own, I also have to create all the tests, and >> the chance of me forgetting something in that case are great.
On Tue, May 7, 2013 at 2:06 PM, Linus Pettersson <[email protected]> wrote: > Absolutely, that's a valid argument. However, if you need to do some > customizations and start monkey patching a gem you may open it up for > vulnerabilities as well, right? Plus, it would make your code messy when you > have some code in your project and some in the gem. I wouldn't approach it this way. Since Devise provides the core functions I need, I would wrap it up in a Class/Module that abstracts the Devise parts while implementing my custom/application-specific parts. Open classing (monkey patching) leaves one in a place where upgrading Gems becomes exceedingly difficult, and causes confusion to future maintainers, developers and testers when confronted with such things. > But sure, it is convient to have everything done and tested for you in gems > like Devise. > > Any other thoughts on this subject? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
