liquid_rails wrote:
> Does anybody know what the current philosophy is on maintaining
> admin pages for a site? If one has an admin controller within their
> application, it is very easy for a half-way knowledgeable user to get
> to the admin login page, which IMO is not a good thing. I've read up
> on some different approaches, such as making a separate Rails
> Application for admin, hiding admin links on the public pages, etc.
> and was wondering if anyone has any thoughts on the subject!

Google up some "rails basic authentication". The less you type, the more your web browser can provide the hack-proofing.

At the cheapest end, simply hardcode a username 'admin' and some L33T password like "r4!7zr007z". Put them directly into the before_filter of your admin controller.

Wait for your customer to ask for different names and user levels.

-- 
Phlip

SD Ruby mailing list
http://groups.google.com/group/sdruby
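
Added example, not part of the post above: the HTTP Basic gate the reply describes, written as a plain Rack-style class so it runs without Rails (in a Rails controller the before_filter would normally call authenticate_or_request_with_http_basic). The class name AdminBasicAuth, the /admin prefix and the sample credentials are assumptions; the credentials are passed in as parameters and compared in constant time.

```ruby
require "digest"

# Hypothetical Rack-style middleware: HTTP Basic auth in front of /admin only.
class AdminBasicAuth
  def initialize(app, user:, password:, prefix: "/admin")
    @app, @user, @password, @prefix = app, user, password, prefix
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    admin = path == @prefix || path.start_with?("#{@prefix}/")
    return @app.call(env) unless admin
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])
    # No or wrong credentials: make the browser show its login prompt.
    [401, { "www-authenticate" => 'Basic realm="Admin"' }, ["Unauthorized\n"]]
  end

  private

  def authorized?(header)
    scheme, token = header.to_s.split(" ", 2)
    return false unless scheme&.casecmp?("basic") && token
    user, password = token.unpack1("m").split(":", 2) # base64("user:pass")
    # Check both fields every time; & does not short-circuit.
    same?(user.to_s, @user) & same?(password.to_s, @password)
  end

  # Compare fixed-length digests byte by byte so timing does not depend on
  # how many leading characters of a guess are correct.
  def same?(given, expected)
    a = Digest::SHA256.digest(given).bytes
    b = Digest::SHA256.digest(expected).bytes
    a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# Builds the Authorization header value a browser would send.
def basic_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# Constructed demo: inner app, sample credentials and requests.
def demo_statuses
  inner = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  gate = AdminBasicAuth.new(inner, user: "admin", password: "sample-password")
  good = basic_header("admin", "sample-password")
  bad = basic_header("admin", "guess")
  [["/", nil], ["/admin", nil], ["/admin/users", bad], ["/admin/users", good]]
    .map { |path, auth| gate.call({ "PATH_INFO" => path, "HTTP_AUTHORIZATION" => auth }).first }
end

p demo_statuses if $PROGRAM_NAME == __FILE__
```

Basic credentials are only base64-encoded on the wire, so a gate like this belongs behind HTTPS.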
