Here are my favorite two summary discussions along with a pointer to a general security site. For my work the distinction between authentication and authorization (user name and user role) is important. I use a combination of plugins and gems to fill my needs since I feel site security is one area of coding that clearly benefits from a large user base.
http://wiki.rubyonrails.org/howtos/authentication-authorization
http://www.vaporbase.com/postings/Authorization_in_Rails
http://www.rorsecurity.info/

On Sep 15, 6:25 am, phibo <[email protected]> wrote:
> Being a rails newbie, I started to design our first rails-based
> webapp. This app should not only be used via browsers, but we also
> want to provide a (RESTful) api. I love the 'convention over
> configuration' paradigm, but am totally clueless on what to do when it
> comes to user authentication. Is there a THE rails-way of doing this?
>
> I found many excellent gems and plugins, such as AAA or thoughtbot's
> clearance. However, I keep asking myself, why not just use HTTP
> (digest) authentication? I may be missing something, but why do big
> players such as Facebook implement their own (token- and secret-based)
> scheme?
>
> What are you guys using? What is your favorite gem/plugin for user
> auth?

