I am aware of some authlogic issue with Passenger (destoying sessions often yield an error). But I think it can be fixed easily as long as your production server is a VPS. I told them I'm going to throw an in-depth review of your review and got an unusual response. I think this is the case wherein developers have gotten used to Restful authentication that anything else out there (like Authlogic, Clearance and others) are not acceptable.
On Nov 11, 10:36 pm, Marnen Laibow-Koser <rails-mailing-l...@andreas- s.net> wrote: > Katherine wrote: > > [...] > > > As to security I am not aware of any risk as long as the authlogic > > examples are followed. However I need to know why certain developers > > feel that using Authlogic imposes security risks. > > I've never heard this. > > > > > It's like some manager tells you "your application is not secure > > because you are using authlogic" without clearly explaining why. > > Well, *make* them explain! They can't just tell you the sky is green > without taking you to the window and showing you, now can they? > > Best, > -- > Marnen Laibow-Koserhttp://www.marnen.org > mar...@marnen.org > -- > Posted viahttp://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---