On 3 May 2006, at 17:45, James A. wrote:

There is no ‘rails official’ way of authenticating, or storing
passwords, as this is logic specific to your application. Maybe hashed
passwords aren’t important? It’s quite possible.

I’m currently playing with the idea of building a load of tools to
make a Rails application OWASP compliant out of the box, and then try
talking the Rails core into making it ‘standard’. This stuff is so
standard, there is no reason why we shouldn’t be making it as
standard-orientated as connecting to a database, and then give hooks
for legacy authentication.

The login engine isn’t meant to be mashed into other applications
which make their own assumptions about some kind of user model. It
does try to be flexible where it can, but to some extent it’s like
asking a spanner to be a hammer. It’s going to get ugly.

I’ve been able to get it to do some pretty weird stuff, but I agree
it looks horrendous. My code is ugly, which isn’t nice.

I’d recommend that you pick one of these systems (login engine, or
opinion) and then add whatever is missing from the other, within your

Alternatively, perhaps login_engine could have a webservices
interface, and then opinion (and others) could talk to it via that?
I’m happy to look at putting some code up for that…