User Management - whats the most popular approach?

I tried login/user engine, then I switched to active_rbac, which I like much better.

Greg Hauptmann wrote:

This was my experience. However I really do need to look at acts_as_auth

I would like to hear why people are switching, if there is more than an
aesthetic to it

Is it a security issue?

Personally I love how easy to use the User and Login engines are

When I look at the other options I see more 'stuff' to configure

If you're looking for something plain and simple:

You can always create a directory in public with the same name as the
controller you wish to protect

Add .htpasswd and .htaccess to those directories

BTW Streamline looks awesome

I'd stay far far away from engines, especially after burning my
fingers to fix them when we had a major security hole in rails.

Nononononono to engines ! Just use AAA/Streamlined.


Id rather not...but that's just my opinion

The setup is well.. not very elegant
No offense, but Id rather use .htaccess files

When are engines going to be secure again? Are they secure now?

Are they going to be pulled from the script/plugins list if they arent?

Is there any processes and/or protocols in place for testing plugins and
engines to make sure they are secure?

What exactly are the issues with using engines?

Please use facts
I don't get persuaded otherwise

Engines depends on version of rails. So when people upgraded rails to
1.1.6, all of their engines support broke. And they had to wait for
1-2 days, till new version of engine came out which supports rails

I'm talking about dependency issue, not security.