Craig’s solution is best – you can’t really password protect script/
console. Even if you restrict access there, you’ll need to worry
about people who require your RAILS_ROOT/config/environment.rb into
their scripts because that’ll give them access to all your models from
within their scripts.
If you really wanted to password protect the whole thing, you’ll need
to setup some sort of scheme whereby your webserver passes in a key or
something to your rails app on boot. This same key would need to be
provided by script/console and whatever other scripts you have.
All-in-all a huge headache. I’d go with Craig’s solution.