Newbie question: Logins

Ajay Kapal wrote:

Hi all,

I am implementing a site that given a login/pass will log the user into
a page whose url contains the login name (a la Anyone
can see this page, but if you are logged in, certain operations become
available (i.e., modify your profile).

Is there a good existing framework that could do the heavy lifting for
me? If not, are there any suggestions on which approach to take?

Login is a huge debate topic in the Rails world. There are many options:

Salted Hash Login Generator
login engine
RBAC login engine

The generator method seems dead and people either roll their own or use
an engine.

DHH would argue you must roll your own, and the second edition of Agile
Web Development with Rails PDF will get you started with salts etc.


I just built a security schema surrounding the login engine.

Watch out - I had to modify just about every file because the word
"PASSWORD" is reserved in SQL92, and my SQL92 compliant RDBMS choked
on most of the login queries.

Still, it only took me an evening to build the core of my security
modules around this simple engine.

Most "gotchas" I have seen so far with Rails concern the use of
reserved words.
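
An added sketch, not part of the thread and not code from any of the generators or engines it names: a roll-your-own salted login in plain Ruby, with the check the original question needs (the profile page is public, but editing requires the session login to match the login in the URL). The PBKDF2 parameters, the method names, the :password_hash field name and the sample user are assumptions made for this example.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 100_000 # assumed work factor for this sketch
KEY_LEN    = 32

# Per-user random salt: equal passwords give different stored values.
# The hash is kept under :password_hash, not a column called "password".
def hash_password(password, salt = SecureRandom.random_bytes(16))
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                                   OpenSSL::Digest.new("SHA256"))
  { salt: salt.unpack1("H*"), password_hash: key.unpack1("H*") }
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def verify_password(record, candidate)
  salt = [record[:salt]].pack("H*")
  secure_equal?(record[:password_hash],
                hash_password(candidate, salt)[:password_hash])
end

DUMMY = hash_password(SecureRandom.hex(16)) # hashed for unknown logins too

# Returns the login to store in the session, or nil.
def authenticate(users, login, candidate)
  record = users[login]
  ok = verify_password(record || DUMMY, candidate)
  record && ok ? login : nil
end

# The profile page is public; editing requires that the login held in the
# server-side session equals the login named in the URL.
def can_edit_profile?(session_login, url_login)
  !session_login.nil? && session_login == url_login
end

# Constructed sample data standing in for a users table.
USERS = { "ajay" => hash_password("correct horse (constructed)") }
```

The URL only selects which profile to show; the edit decision comes from the session value returned by authenticate, never from the URL alone.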