On Wed, Nov 11, 2009 at 4:25 AM, Katherine <bridgeuto...@gmail.com> wrote: > > Greetings. I need to know an expert's opinion on Authlogic and Restful > Authentication as to security. > I have used both and I personally like Authlogic precisely because it > is more flexible. > > As to security I am not aware of any risk as long as the authlogic > examples are followed. However I need to know why certain developers > feel that using Authlogic imposes security risks. > > It's like some manager tells you "your application is not secure > because you are using authlogic" without clearly explaining why.
If there's no explanation on that opinions, then you cannot take them seriously. Security depends on the developer, and several times on the user himself. How you cover your back it's up to you regardless the plugin/gem you're using, these are only tools that make the work a bit easier for you. When somebody tell you that your application is insecure for using some plugin, make him/her explain why and see if you have that covered, otherwise, nevermind it, if they can't explain why, then that's not even an advice. Cheers. -- Leonardo Mateo. There's no place like ~ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
