I tried login/user engine, then I switched to active_rbac, which I like much better.
Greg Hauptmann wrote:
This was my experience. However I really do need to look at acts_as_auth
I would like to hear why people are switching, if there is more than an aesthetic to it
Is it a security issue?
Personally I love how easy to use the User and Login engines are
When I look at the other options I see more 'stuff' to configure
If you're looking for something plain and simple:
You can always create a directory in public with the same name as the controller you wish to protect
Add .htpasswd and .htaccess to those directories
BTW Streamline looks awesome
I'd stay far far away from engines, especially after burning my fingers to fix them when we had a major security hole in rails.
Nononononono to engines ! Just use AAA/Streamlined.
-Pratik
Id rather not...but that's just my opinion
The setup is well.. not very elegant No offense, but Id rather use .htaccess files
When are engines going to be secure again? Are they secure now?
Are they going to be pulled from the script/plugins list if they arent?
Is there any processes and/or protocols in place for testing plugins and engines to make sure they are secure?
What exactly are the issues with using engines?
Please use facts I don't get persuaded otherwise
Engines depends on version of rails. So when people upgraded rails to 1.1.6, all of their engines support broke. And they had to wait for 1-2 days, till new version of engine came out which supports rails 1.1.6
I'm talking about dependency issue, not security.
Thanks, Pratik