application controller security

Shouldn't everything in the application controller be protected by
default?

I just realized that my app can be called like this:
www.myapp.com/application/method and it actually tries to run that
method inside my application controller.

Is everyone else just adding "protected" at the top?

Thanks,
Chad

Shouldn't everything in the application controller be protected by
default?

I just realized that my app can be called like this:
www.myapp.com/application/method and it actually tries to run that
method inside my application controller.

Is everyone else just adding "protected" at the top?

I agree I handle things the same way, but the application controller
public by default? That seems like a potential security risk for rails
web applications since EVERYONE has an application controller out of
the box.

cheers

Yes! Public/protected/private method visibility is a natural way to distinguish actions from their supporting methods. No need to introduce a special case here to sully that consistency.

jeremy

fair enough. done.