This is more just a question of concepts. I have read extensively in Ruby and although many questions are still itchy, I am wondering if making my own authentication is the best. A person told me to follow the tutorial on http://ruby.railstutorial.org/chapters/, which I did. However, the authentication system is kinda basic and I am just wondering if I should follow this tutorial

- http://erniemiller.org/2008/09/30/easy-role-based-authorization/,
- Devise
- CanCan.

I personally don't understand gems and they are a black hole for me, hence I prefer making my own authentication system based on that tutorial. Although Devise and CanCan are well thought out and seem to fit in well. I am wondering if the tutorial of Ernie covers most security features that an authorization system and also by combining it with (Rails book) or should I worry about more security features or it's so out-of-date that Devise or CanCan should be my only consideration.

I am looking for thoughts or suggestions.
Thanks in advance

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.

Note that Devise and CanCan are orthogonal... you can use both, or either.

Authentication is something that doesn't change a lot after it's set up, so you might write it once and forget about it. It's good if you want to keep it simple. I suppose you might decide to support a new mechanism like OAuth or OpenID (for Facebook/Twitter/Google login), and that might be harder to add to your own existing system later. Devise is maybe harder to understand, but that is the trade-off, it takes care of the complexity for you.

One immediate smell I get from Ernie's tutorial is using method_missing for roles... I personally wouldn't do that, and @user.is_a_user_or_admin_or_superhero_or_demigod_or_chuck_norris? is a bit ridiculous. I would pass on this tutorial.

Devise + CanCan is basically plug & play, but you can still customize a lot. I would recommend it. Also for security, you are covered by more eyes on the code.

Andrew Vit

On Monday, August 13, 2012 8:01:25 PM UTC-7, Ruby-Forum.com User wrote:
> This is more just a question of concepts. I have read extensively in
> Ruby and although many questions are still itchy, I am wondering if
> making my own authentication is the best. A person told me to follow the
> tutorial on http://ruby.railstutorial.org/chapters/, which I did.
> However, the authentication system is kinda basic and I am just wondering
> if I should follow this tutorial
>
> - http://erniemiller.org/2008/09/30/easy-role-based-authorization/,
> - Devise
> - CanCan.
>
> I personally don't understand gems and they are a black hole for me, hence I
> prefer making my own authentication system based on that tutorial.
> Although Devise and CanCan are well thought out and seem to fit in well. I am
> wondering if the tutorial of Ernie covers most security features that an
> authorization system and also by combining it with (Rails book) or
> should I worry about more security features or it's so out-of-date that
> Devise or CanCan should be my only consideration.
>
> I am looking for thoughts or suggestions.
> Thanks in advance
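
The `method_missing` concern raised in the reply above, as an added Ruby example that is not part of the thread and is not code from the tutorial, Devise or CanCan. The classes `DynamicUser` and `ExplicitUser`, the `ROLES` list and the role names are hypothetical; the sketch contrasts role predicates synthesized from the method name with an explicit check that validates role names.

```ruby
ROLES = %w[user admin banned].freeze # hypothetical role names for this added illustration
# Style 1: role predicates synthesized by method_missing.
class DynamicUser
  def initialize(*roles)
    @roles = roles.map(&:to_s)
  end

  def method_missing(name, *args)
    match = name.to_s.match(/\Ais_an?_(.+)\?\z/)
    return super unless match
    # Any name that fits the pattern gets an answer, even for roles that do not exist.
    match[1].split("_or_").any? { |role| @roles.include?(role) }
  end

  def respond_to_missing?(name, include_private = false)
    name.to_s.match?(/\Ais_an?_.+\?\z/) || super
  end
end

# Style 2: one explicit predicate that rejects role names outside ROLES.
class ExplicitUser
  def initialize(*roles)
    @roles = validate(roles)
  end

  def has_any_role?(*wanted)
    (@roles & validate(wanted)).any?
  end

  private
  def validate(names)
    unknown = names.map(&:to_s) - ROLES
    raise ArgumentError, "unknown role: #{unknown.join(', ')}" unless unknown.empty?
    names.map(&:to_s)
  end
end

# A deny rule written with a misspelled role name ("bannd"), evaluated for a banned user.
def deny_rule_outcomes
  dynamic = DynamicUser.new(:banned)
  explicit = ExplicitUser.new(:banned)
  explicit_result = begin
    explicit.has_any_role?(:bannd)
  rescue ArgumentError => e
    e.message # the typo surfaces the first time the rule runs
  end
  # The dynamic predicate answers false for "bannd", so the deny rule fails open silently.
  { dynamic: dynamic.is_a_bannd?, explicit: explicit_result, correct: dynamic.is_a_banned_or_admin? }
end
```
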

On 14 August 2012 04:01, Jean-Sébastien D. <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> This is more just a question of concepts. I have read extensively in
> Ruby and although many questions are still itchy, I am wondering if
> making my own authentication is the best. A person told me to follow the
> tutorial on http://ruby.railstutorial.org/chapters/, which I did.
> However, the authentication system is kinda basic and I am just wondering
> if I should follow this tutorial
>
> - http://erniemiller.org/2008/09/30/easy-role-based-authorization/,
> - Devise
> - CanCan.
>
> I personally don't understand gems and they are a black hole for me

Gems are just bits of Ruby code packaged in a way that makes life easy for the user. Rails itself is just a set of gems. Look in the file Gemfile.lock in your application and you will see all the gems you are already using.

You will waste a lot of time if you do not build on the shoulders of those who have come before. Spend a small amount of time learning about gems such as CanCan and you will progress much more rapidly.

Colin