Is it worth rolling your own authentication?
Mohamad El-Husseini
Colin Law
> I prefer to create my own authentication, but it adds an extra day or two to
> my work load (tests take the most time). Although this time keeps shrinking
> with every new app I start.
If you have your own favourite technique then why not turn it into a
gem and then you would have the best of both worlds. Authentication
just the way you want it but with the advantage of just installing the
gem and using it.
Colin
Peter Hickman
the likes of devise then to be honest I would say you are wasting your
time writing your own. As an exercise I can understand, I've done it
myself. But the problem is that you start with just a simple sign on
system, then you need to add twitter or facebook sign on but your ego
will be too big to allow you to throw away all this hard work you have
put into the masterpiece of your loins so you add that feature, and
the next and the next and the next... Finally you will have an
abomination.
Also having experience of things like devise will look good on your
CV, having written your own will only receive the response of "why did
you do that when there are several perfectly good tried and tested
gems that will do it for you?"
Just out of curiosity have you also written your own
*) xml parser?
*) json parser?
*) database drivers?
*) orm?
*) templating system?
*) web framework?
*) date and time class?
I mean how can you trust those gems that suddenly work just by
installing them :)
José Netto
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonra...@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-ta...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Mohamad El-Husseini
On Wednesday, March 14, 2012 11:17:54 AM UTC-3, José Tiburcio Ribeiro Netto wrote:
Good point Peter!
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
Peter Hickman
> @Peter, good point, although I don't think it's so bad to write your own
> basic authentication then add something like OmniAuth if you require other
> authentication methods.
Writing your own is a good thing to do, you get to learn about the
sort of issues that have to be tackled and it is a real world problem
that will be more satisfying than solving "towers of hanoi" and the
like. The problem is recognising when to stop, each additional feature
will probably be quite small and not look like a lot of work but over
time they all pile up and the rest of the site starts to become
entangled with the code which make replacing it very hard.
It's something I've seen quite a lot so I try to avoid reinventing any
wheel if I can help it. The pain I have had at work because of some
code that has too much ego invested in it is virtually endless. I try
to write the least code possible to do a job so that I can throw it
away easily.
Besides unless you are specifically writing an authentication and
authorisation system then the time you spend on it is time not spent
developing something that does not exist as a gem.
For the record I have written my own tagging system because the gems
that were available when I developed my site four years ago did not
have the features that I wanted. So there are times when you have to.
Peter