Gaspard,
thank you for a reply.
I checked out zena before, and while it is a good CMS in it's own right I don't think I can use it as it would require me to rewrite a huge a existing application, or write api hooks.
I was mostly looking for a "RAILS WAY" strategy to implement this. It looks like you are suggesting option #3. Which is what I got from a few other sources.
Thank you for reply thou.
nick ger wrote:
Gaspard,
thank you for a reply.
I checked out zena before, and while it is a good CMS in it's own right I don't think I can use it as it would require me to rewrite a huge a existing application, or write api hooks.
I was mostly looking for a "RAILS WAY" strategy to implement this. It looks like you are suggesting option #3. Which is what I got from a few other sources.
Thank you for reply thou.
No problem. And don't worry too much about "exposing" your app. Putting a "before_filter" in ApplicationController and a careful handling of the login system works good (I am migrating to authlogic). Just take care of two things:
1. no cache 
2. keep your clients happy !
Gaspard
Marnen Laibow-Koser wrote:
nick ger wrote:
Gaspard, while we are on the subject i was recently considering different systems, and while right now I'm using restful_authentication I looked at authlogic as well.
Any particular reason you prefer it over other rails authorization systems?
I'm not Gaspard, but my reasons for preferring Authlogic are many:
* It's easier to work with. * It doesn't clutter your model files with framework code (I'm ripping restful_auth out of Quorum [ http://quorum.sf.net ] at the moment, and the amount of framework-generated crap that I removed from user.rb is staggering). * You get more handy features for free. * Testing generally seems easier.
The only downside is that Authlogic does slightly more magic.
Best, -- Marnen Laibow-Koser http://www.marnen.org marnen@marnen.org
For all the reasons above and easy transitions from password hashing schemes:
My current hashing method on passwords is not the best possible solution so I can write an 'InitialCryptoProvider' to hash and match my old passwords and write a single line in my User class to smoothly transition from one hashing scheme to another without stressing my users.
acts_as_authentic :transition_from_crypto_provider => Zena::BetaCryptoProvider, :crypto_provider => Authlogic::CryptoProviders::BCrypt
And authlogic makes it easy to support new authentications (ldap, openid, etc).
G.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks