On Wed, Mar 9, 2011 at 10:11 AM, Gaba Luschi <[email protected]> wrote:
> I'm working through a Rails tutorial and saw the following code:
>
> class UsersController < ApplicationController
>   before_filter :authenticate, :only => [:edit, :update]
>   before_filter :correct_user, :only => [:edit, :update]
>
>   .
>   .
>   .
>   private
>
>     def authenticate
>       deny_access unless signed_in?
>     end
>
>     def correct_user
>       @user = User.find(params[:id])
>       redirect_to(root_path) unless current_user?(@user)
>     end
>
> Why are authenticate and correct_user private methods? Would it be
> harmful if they were made public? What would be the consequences?
>

Because external code could be written to take advantage of your authentication process and break in.

In general, any method you don't want other parts of your code to have access to, and/or that is only for the internal workings of the code it is in, should be private.

B.
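Added example, not part of the original thread or the tutorial: Rails treats a controller's public instance methods as candidate actions, so a filter left public can be named by a request like any other action when a route maps to it. The sketch below models that with a hypothetical `MiniController` dispatcher (an assumption, not Rails code) and compares a controller whose `authenticate` filter is private with one where it is public.

```ruby
# Simplified model of action dispatch (assumption: MiniController is a
# hypothetical stand-in, not Rails code). Like Rails, it treats every PUBLIC
# instance method a controller defines as an action a request may name.
class MiniController
  def self.action_methods
    (public_instance_methods(true) -
      MiniController.public_instance_methods(true)).map(&:to_s).sort
  end

  def self.filters
    @filters ||= []
  end

  def self.before_filter(name, only: [])
    filters << [name, only.map(&:to_s)]
  end

  def initialize(signed_in: false)
    @signed_in = signed_in
  end

  # Entry point for a request; `action` comes from the URL, so it is untrusted.
  def process(action)
    action = action.to_s
    return :not_found unless self.class.action_methods.include?(action)
    self.class.filters.each do |name, only|
      next unless only.empty? || only.include?(action)
      send(name) # filters are invoked internally, so private methods work
      return @halted if @halted
    end
    public_send(action)
  end
end

class UsersController < MiniController
  before_filter :authenticate, :only => [:edit, :update]
  def edit; :edit_page; end

  private

  def authenticate
    @halted = :denied unless @signed_in
  end
end

# Same controller with the filter left public (the case asked about).
class LeakyUsersController < MiniController
  before_filter :authenticate, :only => [:edit, :update]
  def edit; :edit_page; end
  def authenticate; @halted = :denied unless @signed_in; end
end
```

Comparing `action_methods` on the two classes shows the difference: only the second one lists `authenticate` as something a request can dispatch to, outside the filter chain it was written for.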

