A better approach would be to namespace controllers; that way you don't have to put everything into one massive admin controller.

Ryan

On May 6, 2008, at 6:10 PM, Phlip wrote:

> liquid_rails wrote:
>
>> Does anybody know what the current philosophy is on maintaining
>> admin pages for a site? If one has an admin controller within their
>> application, it is very easy for a half-way knowledgeable user to get
>> to the admin login page, which IMO is not a good thing. I've read up
>> on some different approaches, such as making a separate Rails
>> Application for admin, hiding admin links on the public pages, etc.
>> and was wondering if anyone has any thoughts on the subject!
>
> Google up some "rails basic authentication". The less you type, the
> more your web browser can provide the hack-proofing.
>
> At the cheapest end, simply hardcode a username 'admin' and some
> L33T password like "r4!7zr007z". Put them directly into the
> before_filter of your admin controller. Wait for your customer to
> ask for different names and user levels.
>
> --
> Phlip

SD Ruby mailing list
http://groups.google.com/group/sdruby
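
The check that a basic-authentication filter in front of a namespaced admin area has to perform, as an added plain-Ruby example that is not code from this thread or from Rails. The names `ADMIN_PREFIX`, `admin_gate`, `ADMIN_USER` and `ADMIN_PASSWORD` are hypothetical, and the credentials are read from the environment rather than hardcoded.

```ruby
require "digest"

ADMIN_PREFIX = "/admin" # hypothetical namespace for the admin controllers

# Compare fixed-length digests byte by byte so the running time does not
# depend on how many leading characters of a guess are correct.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns [user, password] from an "Authorization: Basic ..." header,
# or nil when the header is missing or malformed.
def parse_basic(header)
  return nil unless header.is_a?(String)
  scheme, payload = header.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  decoded = payload.strip.unpack1("m0") # strict base64, raises on junk
  user, pass = decoded.split(":", 2)    # a password may itself contain ":"
  pass ? [user, pass] : nil
rescue ArgumentError
  nil
end

# Returns the HTTP status the filter would produce for this request.
def admin_gate(path, auth_header, env = ENV)
  in_admin = path == ADMIN_PREFIX || path.start_with?(ADMIN_PREFIX + "/")
  return 200 unless in_admin
  expected_user = env["ADMIN_USER"].to_s
  expected_pass = env["ADMIN_PASSWORD"].to_s
  # Fail closed: unset credentials must never mean "let everyone in".
  return 503 if expected_user.empty? || expected_pass.empty?
  user, pass = parse_basic(auth_header)
  return 401 unless user
  # Non-short-circuit "&" so both comparisons always run.
  ok = secure_equal?(user, expected_user) & secure_equal?(pass, expected_pass)
  ok ? 200 : 401
end

if __FILE__ == $0
  env = { "ADMIN_USER" => "admin", "ADMIN_PASSWORD" => "constructed-sample" }
  header = "Basic " + ["admin:constructed-sample"].pack("m0") # constructed input
  puts admin_gate("/admin/users", header, env)
end
```

In a Rails application the same gate is normally written with `authenticate_or_request_with_http_basic` in a `before_filter` on the namespaced base controller. Basic authentication sends the password with every request, so it only protects the admin area when the site is served over TLS.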
