This is more just a question of concepts. I have read extensively in
Ruby and although many questions are still itchy, I am wondering if
making my own authentication is the best. A person told me to follow the
tutorial on http://ruby.railstutorial.org/chapters/, which I did.
However, the authentication system is kinda basic and I am just wondering
if I should follow this tutorial

I personally don’t understand gems and they are a black hole for me, hence I
prefer making my own authentication system based on that tutorial.
Although Devise and CanCan are well thought out and seem to fit in well. I am
wondering if the tutorial of Ernie covers most security features that an
authorization system and also by combining it with (Rails book) or
should I worry about more security features or it’s so out-of-date that
Devise or CanCan should be my only consideration.

I am looking for thoughts or suggestions.

Thanks in advance

Note that Devise and CanCan are orthogonal… you can use both, or either.

Authentication is something that doesn’t change a lot after it’s set up, so
you might write it once and forget about it. It’s good if you want to keep
it simple. I suppose you might decide to support a new mechanism like OAuth
or OpenID (for Facebook/Twitter/Google login), and that might be harder to
add to your own existing system later. Devise is maybe harder to
understand, but that is the trade-off, it takes care of the complexity for
you.

One immediate smell I get from Ernie’s tutorial is using method_missing for
roles… I personally wouldn’t do that, and
@user.is_a_user_or_admin_or_superhero_or_demigod_or_chuck_norris? is a bit
ridiculous. I would pass on this tutorial.

Devise + CanCan is basically plug & play, but you can still customize a
lot. I would recommend it. Also for security, you are covered by more eyes
on the code.
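
The method_missing role smell raised in the reply above, as an added example that is not part of the thread or of Ernie's tutorial: a constructed sketch of the pattern (DynamicUser) beside an explicit check against a fixed role list (ExplicitUser). All class, method and role names here are assumptions.

```ruby
# Constructed sketch; class, constant, method and role names are assumptions.
class DynamicUser
  attr_reader :roles

  def initialize(*roles)
    @roles = roles.map(&:to_s)
  end

  # Pattern under discussion: any is_a_x_or_y? / is_an_x_or_y? call is
  # parsed at run time, so every spelling is accepted as a predicate.
  def method_missing(name, *args)
    match = name.to_s.match(/\Ais_an?_(.+)\?\z/)
    return super unless match
    (match[1].split("_or_") & roles).any?
  end

  def respond_to_missing?(name, include_private = false)
    name.to_s.match?(/\Ais_an?_.+\?\z/) || super
  end
end

class ExplicitUser
  KNOWN_ROLES = %w[user moderator admin banned].freeze

  attr_reader :roles

  def initialize(*roles)
    @roles = roles.map(&:to_s)
    check_known!(@roles)
  end

  # Explicit alternative: one method, names validated against a fixed list.
  def role?(*wanted)
    wanted = wanted.map(&:to_s)
    check_known!(wanted)
    (wanted & roles).any?
  end

  private

  def check_known!(names)
    unknown = names - KNOWN_ROLES
    raise ArgumentError, "unknown role(s): #{unknown.join(', ')}" unless unknown.empty?
  end
end
```

With the dynamic version a misspelled predicate such as is_a_bannd? returns false instead of failing, so a negated deny-check passes; the explicit version raises ArgumentError on the same typo.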

> I personally don’t understand gems and they are a black hole for me

Gems are just bits of ruby code packaged in a way that makes life easy
for the user. Rails itself is just a set of gems. Look in the file
Gemfile.lock in your application and you will see all the gems you are
already using. You will waste a lot of time if you do not build on
the shoulders of those who have come before. Spend a small amount of
time learning about gems such as cancan and you will progress much
more rapidly.
Colin