Just a question for opinions - In the past developing with php (not that it should matter) , when preparing data for a user I generally set the query to filter not only by user.id but also by user.username. To me it just seemed to add a little more redundancy in the event some hacker figured out a way to login with someone elses id. Is this strategy something that makes sense in Rails as well ? Or in any web application ? Of course when they log in they must with their username and password. TIA Stuart -- http://en.wikipedia.org/wiki/Dark_ambient --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk -~----------~----~----~----~------~----~------~--~---