ModelSecurity hasn't been updated since November and doesn't seem to be
actively maintained. Bruce Perens is a busy guy.
It has a nice API, but I ended up switching to something under active
development that used migrations for its database table creation.

Martin Gamsjaeger wrote:
> Hi all,
>
> I would be very interested in your opinions on the ModelSecurity
> plugin by Bruce Perens.
>
> http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html
>
> Some time ago, I read on a few pages that it is the way to go, on this
> list however, I didn't read much about it. Apart from its security
> level,
>
> quoted from comments in source code:
> # FIX: At the moment we only support Basic authentication. It's
> # prone to sniffing. Change to Digest authentication.
>
> I am at the moment struggling with the fact that it stores the
> complete User object in the session data. While this is generally not a
> good idea, it's a real problem for me, as I have to deactivate and
> reactivate user accounts in my app. I don't think session expiry
> handling will be enough here ... I tried changing the code so that it
> only stores the user_id and user_name in the session, however I didn't
> get this to work so far ...
>
> Any tips? Better authentication libs?
>
> cheers
> Martin
--
Posted via http://www.ruby-forum.com/.
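
An added example, not part of the original posts and not ModelSecurity's code: the stale-session problem raised in the quoted message, next to the id-only variant it asks about. `User`, `UserStore` and the helper names are hypothetical, and a plain hash stands in for the session.

```ruby
# Hypothetical names throughout; this is not ModelSecurity's API.
User = Struct.new(:id, :name, :active)

# Constructed stand-in for the users table.
class UserStore
  def initialize(users)
    @users = users.to_h { |u| [u.id, u] }
  end

  def find(id)
    @users[id]
  end

  def set_active(id, flag)
    @users.fetch(id).active = flag
  end
end

# Pattern described in the post: the whole User is copied into the session
# at login. A session store serializes it, modeled here with Marshal on
# data this script produced itself.
def login_with_object(session, user)
  session[:user] = Marshal.dump(user)
end

def current_user_from_object(session, _store)
  blob = session[:user]
  user = blob && Marshal.load(blob)
  user if user&.active # checks the login-time snapshot, not the table
end

# Alternative: keep only the id and re-read the account on every request.
def login_with_id(session, user)
  session[:user_id] = user.id
end

def current_user_from_id(session, store)
  user = store.find(session[:user_id])
  return user if user&.active

  session.delete(:user_id) # unknown or deactivated account: drop the login
  nil
end
```

With the snapshot variant a deactivated account stays logged in until the session expires; with the id-only variant the next request after deactivation is rejected.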