Hello, I was wondering if anyone could point me in the right direction in getting very simple admin authentication functionality in a protected back end, either as a method or plug-in. I am making a product catalog which needs to have just one admin user to be able to log in with a username and password to access the main CRUD. I have tried acts_as_authenticated and the simple http authentication plugins but they seem to be overkill or not entirely safe (AAA seems more for a large number of users with no admin functionality and the http authentication plugin seemed to only be for temporary testing, and would not be totally secure without inclusion of SSL). I'm sure this problem comes up quite a bit, the only method I could think of so far would be to hard code a admin username and password into a model and then use before filters on the appropriate controllers but this also seems unsafe and maybe bad practice. Thanks for anyone's help in advance and please excuse my "newbie-ness".
on 2007-04-16 11:52
on 2007-04-16 11:55
one more thing, another reason AAA didn't seem viable was because it seemed to allow anyone to sign up for an account, maybe I'm wrong though.