Rails authorization system


Jean-Sébastien D.

Aug 13, 2012, 11:01:25 PM
to rubyonra...@googlegroups.com
This is more just a question of concepts. I have read extensively in
Ruby and although many questions are still itchy, I am wondering if
making my own authentication is the best. A person told me to follow the
tutorial on http://ruby.railstutorial.org/chapters/, which I did.
However the authentication system is kinda basic and I am just wondering
if I should follow this tutorial

- http://erniemiller.org/2008/09/30/easy-role-based-authorization/,
- Devise
- CanCan.

I personally don't understand gems, and they are a black hole for me, hence I
prefer making my own authentication system based on that tutorial.
Although Devise and CanCan are well thought out and seem to fit in well, I am
wondering if Ernie's tutorial covers most of the security features that an
authorization system needs, also by combining it with (the Rails book), or
whether I should worry about more security features, or whether it is so
out-of-date that Devise or CanCan should be my only consideration.

I am looking for thoughts or suggestions.
Thanks in advance

--
Posted via http://www.ruby-forum.com/.

Andrew Vit

Aug 14, 2012, 6:05:59 AM
to rubyonra...@googlegroups.com
Note that Devise and CanCan are orthogonal... you can use both, or either.

Authentication is something that doesn't change a lot after it's set up, so you might write it once and forget about it. It's good if you want to keep it simple. I suppose you might decide to support a new mechanism like OAuth or OpenID (for Facebook/Twitter/Google login), and that might be harder to add to your own existing system later. Devise is maybe harder to understand, but that is the trade-off: it takes care of the complexity for you.

One immediate smell I get from Ernie's tutorial is using method_missing for roles... I personally wouldn't do that, and @user.is_a_user_or_admin_or_superhero_or_demigod_or_chuck_norris? is a bit ridiculous. I would pass on this tutorial.

Devise + CanCan is basically plug & play, but you can still customize a lot. I would recommend it. Also for security, you are covered by more eyes on the code.

Andrew Vit
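As an added illustration of the point about method_missing roles (example code written for this page, not from the thread, Ernie's tutorial, Devise or CanCan): a plain-Ruby role check with a fixed role list and explicit, default-deny rules, so a mistyped role name fails loudly instead of being answered by method_missing. The User, Post and Ability names are made up for the example.

```ruby
# Constructed example: explicit role-based authorization in plain Ruby.
# Roles are a fixed list, role checks are ordinary methods (no method_missing),
# and any action without an explicit rule is denied.

ROLES = %i[guest user admin].freeze

User = Struct.new(:id, :roles) do
  # Unknown role names raise instead of silently returning false.
  def role?(role)
    raise ArgumentError, "unknown role #{role.inspect}" unless ROLES.include?(role)
    roles.include?(role)
  end
end

Post = Struct.new(:id, :author_id, :published)

class Ability
  def initialize(user)
    @user = user
  end

  # True only when a rule below grants the action on the resource; default deny.
  # `resource` may be an instance (e.g. a Post) or a class (e.g. Post for :create).
  def can?(action, resource)
    case [action, resource_class(resource)]
    when [:read, Post]
      resource.published || author?(resource) || @user.role?(:admin)
    when [:update, Post], [:destroy, Post]
      author?(resource) || @user.role?(:admin)
    when [:create, Post]
      @user.role?(:user) || @user.role?(:admin)
    else
      false # no matching rule: denied
    end
  end

  private

  def resource_class(resource)
    resource.is_a?(Class) ? resource : resource.class
  end

  def author?(post)
    post.respond_to?(:author_id) && !@user.id.nil? && post.author_id == @user.id
  end
end
```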

Colin Law

Aug 14, 2012, 7:03:30 AM
to rubyonra...@googlegroups.com
On 14 August 2012 04:01, Jean-Sébastien D. <li...@ruby-forum.com> wrote:
> This is more just a question of concepts. I have read extensively in
> Ruby and although many questions are still itchy, I am wondering if
> making my own authentication is the best. A person told me to follow the
> tutorial on http://ruby.railstutorial.org/chapters/, which I did.
> However the authentication system is kinda basic and I am just wondering
> if I should follow this tutorial
>
> - http://erniemiller.org/2008/09/30/easy-role-based-authorization/,
> - Devise
> - CanCan.
>
> I personally don't understand gems, and they are a black hole for me

Gems are just bits of Ruby code packaged in a way that makes life easy
for the user. Rails itself is just a set of gems. Look in the file
Gemfile.lock in your application and you will see all the gems you are
already using. You will waste a lot of time if you do not build on
the shoulders of those who have come before. Spend a small amount of
time learning about gems such as CanCan and you will progress much
more rapidly.

Colin