Rails - Jan 2006 - LoginEngine vs. LoginGenerator?

I just saw a mention here of LoginEngine, which I hadn''t heard of  
before. Last week when I was digging for user-account sample code for  
my web-app, I instead found the LoginGenerator and started using that:
	http://wiki.rubyonrails.com/rails/pages/LoginGenerator

Is one of these preferred over the other? From skimming the API docs,  
it does seem that LoginEngine has more features, like email-based  
verification, that I''ve been hacking into LoginGenerator myself. If  
LoginGenerator is deprecated, or if LoginEngine is seeing more active  
development, then I should probably switch over before deploying my app.

Thanks,

--Jens
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060116/b729c2a6/attachment.html

As found in the Book of Rails, Chapter 13, Verse 26-28:

"26. In The Beginning there was the LoginGenerator, whom didst spawn
many working Rails applications. But the peoples of Railtopia were
unsettled after a time. And, lo, LoginGenerator did eventually beget
SaltedHashLoginGenerator, which included better salting and
localization, and email verification, singing like heralds upon high.
27. And the children of SaltedHashLoginGenerator where fruitful, and
partied like it was 1999. Except it was 2005.
28. Then, some weirdo developed Rails engines, and was particularly
lazy in the eyes of the Lord, totally ripping off
SaltedHashLoginGenerator as an example of his wicked way..."

In a nutshell, there''s the original LoginGenerator, on which lots of
authentication systems are based. One of these is the
SaltedHashLoginGenerator, which adds a few features including
localization and email verification. I believe Deirdre SM has stepped
in to maintain this - she''ll know better where it''s future
lies.

The LoginEngine is an *example* of a development technique
(http://rails-engines.org) which is heavily based on the SHLG.
Feature-wise they are pretty much identical, although email is now
optional, and the localization was totally removed. It continues to be
developed and refined, and is very much open to public scrutiny and
patching.

Your choice between using a generator and using an engine (any engine,
the LoginEngine isn''t the only possible authentication system possible
using engines) should be based on how you evaluate the merits of
either mechanism for sharing/reusing code. My personal view/propaganda
is here: http://rails-engines.org/wiki/pages/Engines+vs.+Generators

Whichever you choose, be prepared to get intimate with the code -
there''s no excuse for not working to understand how this code is going
to function within your application! Good luck :)

- James

On 1/16/06, Jens Alfke <jens@mooseyard.com> wrote:
> I just saw a mention here of LoginEngine, which I hadn''t heard of
before.
> Last week when I was digging for user-account sample code for my web-app, I
> instead found the LoginGenerator and started using that:
>  http://wiki.rubyonrails.com/rails/pages/LoginGenerator
>
> Is one of these preferred over the other? From skimming the API docs, it
> does seem that LoginEngine has more features, like email-based
verification,
> that I''ve been hacking into LoginGenerator myself. If
LoginGenerator is
> deprecated, or if LoginEngine is seeing more active development, then I
> should probably switch over before deploying my app.
>
> Thanks,
>
> --Jens
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
>

There''s also Bruce Perens ModelSecurity, which is more than just login:

http://perens.com/FreeSoftware/ModelSecurity/

which takes the multiple "layers of defense" approach.

Haven''t tried it yet, but meaning to...

<rant>Although, I''m sorely tempted to completely ignore it and
even start dissing it
simply because of the obnoxious ads on the page (when I just went to verify the
url, the
ad was for smileys and it includes a loud "heeelllllooo..." over and
over!) C''Mon Bruce,
save the ads for your home page! </rant>

b

PS: great (and amusing) summary James...


James Adam wrote:
> As found in the Book of Rails, Chapter 13, Verse 26-28:
> 
> "26. In The Beginning there was the LoginGenerator, whom didst spawn
> many working Rails applications. But the peoples of Railtopia were
> unsettled after a time. And, lo, LoginGenerator did eventually beget
> SaltedHashLoginGenerator, which included better salting and
> localization, and email verification, singing like heralds upon high.
> 27. And the children of SaltedHashLoginGenerator where fruitful, and
> partied like it was 1999. Except it was 2005.
> 28. Then, some weirdo developed Rails engines, and was particularly
> lazy in the eyes of the Lord, totally ripping off
> SaltedHashLoginGenerator as an example of his wicked way..."
> 
> In a nutshell, there''s the original LoginGenerator, on which lots
of
> authentication systems are based. One of these is the
> SaltedHashLoginGenerator, which adds a few features including
> localization and email verification. I believe Deirdre SM has stepped
> in to maintain this - she''ll know better where it''s
future lies.
> 
> The LoginEngine is an *example* of a development technique
> (http://rails-engines.org) which is heavily based on the SHLG.
> Feature-wise they are pretty much identical, although email is now
> optional, and the localization was totally removed. It continues to be
> developed and refined, and is very much open to public scrutiny and
> patching.
> 
> Your choice between using a generator and using an engine (any engine,
> the LoginEngine isn''t the only possible authentication system
possible
> using engines) should be based on how you evaluate the merits of
> either mechanism for sharing/reusing code. My personal view/propaganda
> is here: http://rails-engines.org/wiki/pages/Engines+vs.+Generators
> 
> Whichever you choose, be prepared to get intimate with the code -
> there''s no excuse for not working to understand how this code is
going
> to function within your application! Good luck :)
> 
> - James
> 
> On 1/16/06, Jens Alfke <jens@mooseyard.com> wrote:
> 
>>I just saw a mention here of LoginEngine, which I hadn''t heard
of before.
>>Last week when I was digging for user-account sample code for my
web-app, I
>>instead found the LoginGenerator and started using that:
>> http://wiki.rubyonrails.com/rails/pages/LoginGenerator
>>
>>Is one of these preferred over the other? From skimming the API docs, it
>>does seem that LoginEngine has more features, like email-based
verification,
>>that I''ve been hacking into LoginGenerator myself. If
LoginGenerator is
>>deprecated, or if LoginEngine is seeing more active development, then I
>>should probably switch over before deploying my app.
>>
>>Thanks,
>>
>>--Jens
>>_______________________________________________
>>Rails mailing list
>>Rails@lists.rubyonrails.org
>>http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>
>>
> 
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails