When I do this, I store the after a successful login. user's id in session. My controller actions pass that id into the find method @tasks = Task.find_all_by_user_id(session[:user_id]) The session would have to be hacked in order for that to be broken. It's been secure enough for me.
on 2006-02-02 20:44