Newbie question: Logins

Ajay Kapal wrote:

Hi all,

I am implementing a site that, given a login/pass, will log the user into a page whose URL contains the login name (a la Anyone can see this page, but if you are logged in, certain operations become available (i.e., modify your profile).

Is there a good existing framework that could do the heavy lifting for me? If not, are there any suggestions on which approach to take?

Login is a huge debate topic in the Rails world. There are many options:

Salted Hash Login Generator login engine RBAC login engine ...

The generator method seems dead and people either roll their own or use an engine.

DHH would argue you must roll your own, and the second edition of the Agile Web Development with Rails PDF will get you started with salts etc.


I just built a security schema surrounding the login engine.

Watch out - I had to modify just about every file because the word "PASSWORD" is reserved in SQL92, and my SQL92 compliant RDBMS choked on most of the login queries.

Still, it only took me an evening to build the core of my security modules around this simple engine.

Most "gotchas" I have seen so far with Rails concern the use of reserved words.
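
The "roll your own with salts" route mentioned in the thread, sketched in plain Ruby as an added example (not code from any poster, from the book, or from the login engine). PBKDF2, the iteration count and the field names are assumptions of this sketch; the stored field is called `hashed_password` so that no column is the bare word the last post reports its RDBMS rejecting.

```ruby
require "openssl"
require "securerandom"

# Assumed parameters for this sketch; tune the iteration count to your hardware.
ITERATIONS = 200_000
KEY_LEN    = 32 # bytes of derived key, stored as 64 hex characters

# Derive a hex digest from a password and a per-user salt (PBKDF2-HMAC-SHA256).
def derive(password, salt, iterations = ITERATIONS)
  digest = OpenSSL::Digest.new("SHA256")
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN, digest).unpack1("H*")
end

# Fields to persist for a new user. A fresh random salt per user means two
# users with the same password still get different stored hashes.
def new_credentials(password)
  salt = SecureRandom.hex(16)
  { salt: salt, iterations: ITERATIONS, hashed_password: derive(password, salt) }
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a login attempt. `record` is the stored hash of fields, or nil when the
# login name is unknown; the derivation still runs in that case so an unknown
# login does not answer noticeably faster than a wrong password.
def authenticate(record, password)
  found = !record.nil?
  record ||= { salt: "0" * 32, iterations: ITERATIONS, hashed_password: "0" * (KEY_LEN * 2) }
  candidate = derive(password, record[:salt], record[:iterations])
  secure_equal?(candidate, record[:hashed_password]) && found
end

if __FILE__ == $PROGRAM_NAME
  rec = new_credentials("correct horse") # constructed sample password
  puts "stored fields: #{rec.keys.join(', ')}"
  puts "good password accepted: #{authenticate(rec, 'correct horse')}"
  puts "bad password accepted:  #{authenticate(rec, 'wrong')}"
end
```

Storing the iteration count next to the salt lets the count be raised later without invalidating existing rows.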