I’d like to get some opinions out there from some skillful Rails
programmers. Let me ask if a certain scenario is possible. I would
like to expose the major portion of my web app, which acts as a
workspace, to anyone that accesses it without any form of signup. In
the workspace they have the ability to manipulate text fields, etc.
and then save them to a database. The fact that they visit and work
in the workspace would save a cookie to their computer. That cookie
could remember which “user” visited and therefore access their data
again. However upon revisiting rather than allow them to continue,
force them to sign in.
My question is this: what are the security concerns for a web app to
create generic users simply by a person visiting a site rather than
signing up?
Thanks much for any input. You all’s awesome.