I know that it is rather old news by now, but I just discovered the wonders of Authlogic. If you have any sort of private interface to your app, whether it is adding products to your store or just adding comments to a forum, you may want some sort of authentication to keep the Viagra-toting spam-hordes at bay.
The great thing about Authlogic is that it is very light and adaptable, especially compared to that bastion of yore, Restful Authentication. You can use Authlogic by itself and get a sensible authentication layer with very little code, or you can combine it with any number of plugins, from OpenID to Facebook, so that the wonders of having just one login/password combination can be yours. One caveat: Authlogic only gives you the session and password handling. You still have to decide which controller actions need a logged-in user and guard them, typically with a before_filter; an action you forget to guard is reachable by anyone who types its URL.
As usual, Ryan Bates has a wonderful railscast on the matter, that gives a very thorough introduction to Authlogic. Check it out: http://railscasts.com/episodes/160-authlogic
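Below is an added example, not code from this post, from Authlogic or from the Railscast. It needs no Rails and no gems: a tiny controller model shows why an unguarded `new` action is reachable by anyone who edits the URL, beside the before_filter fix an Authlogic-based app would use (a `current_user` derived from the session and a `require_user` filter that redirects to the login page). The names `ToyController`, `dispatch`, `unguarded`, `guarded`, the `:user_id` session key and the `/login` path are assumptions made for the illustration; in a real Authlogic app `current_user` would come from `UserSession.find`.

```ruby
# Stand-alone model of a Rails-style controller with before_filters.
# This is an illustration, not Authlogic's code and not Rails.
class ToyController
  # Routable actions; anything else is a 404, so dispatch can never reach
  # helpers like current_user by name.
  ROUTES = %w[index show new create].freeze

  # Actions that may run without a logged-in user (the read side).
  PUBLIC_ACTIONS = %w[index show].freeze

  # `session` stands in for the Rails session hash; `filters` names the
  # before-filter methods to run, in order, before the action.
  def initialize(session = {}, filters: [])
    @session = session
    @filters = filters
  end

  # Route an action name to a method, running the filters first.  A filter
  # that returns a response halts the chain, exactly like a before_filter
  # that calls redirect_to.
  def dispatch(action, params = {})
    return { status: 404 } unless ROUTES.include?(action)
    @filters.each do |filter|
      halt = send(filter, action)
      return halt if halt
    end
    send(action, params)
  end

  private

  # Modelled on the Railscast helpers: the logged-in user is looked up from
  # the session.  (Assumption: a plain :user_id key; Authlogic would use
  # UserSession.find and its #user.)
  def current_user
    @session[:user_id]
  end

  def redirect_to(path)
    { status: 302, location: path }
  end

  # before_filter :require_user, :except => [:index, :show]
  # Login path "/login" is an assumption for the example.
  def require_user(action)
    return nil if PUBLIC_ACTIONS.include?(action)
    current_user ? nil : redirect_to("/login")
  end

  def index(_params);  { status: 200, body: "all posts" }; end
  def show(params);    { status: 200, body: "post #{params[:id]}" }; end
  def new(_params);    { status: 200, body: "new post form" }; end
  def create(params);  { status: 201, body: "created #{params[:title]}" }; end
end

# The unguarded blog from the comment thread: no filters at all, so swapping
# "show" for "new" in the URL hands any visitor the posting form.
def unguarded(session = {})
  ToyController.new(session)
end

# The fixed blog: writes require a user, reads stay public.
def guarded(session = {})
  ToyController.new(session, filters: [:require_user])
end

if __FILE__ == $0
  p unguarded.dispatch("new")                  # anyone gets the form
  p guarded.dispatch("new")                    # redirected to /login
  p guarded({ user_id: 1 }).dispatch("new")    # logged-in user gets the form
end
```

The point of the `ROUTES` whitelist is the same as Rails' routing table: the filter decides who may run an action, but only actions you meant to expose should be routable at all.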
Comments
shiningthrough
Ah! very clever, how did you do that then?
RORblogger
Thanks so much for this awesome piece of advice! I had a RoR blog which was completely unsecured, anyone could just add a new post by changing "show" to "new" in the params. Now my blog is completely tamper-proof! Thanks again shiningthrough, you rock!
somanyrobots
I'd guess an unsecured controller somewhere? If so, then there's nothing to stop a clever URL-hacker from writing his own posts.
iamringo
Right now, anyone can go to http://shiningthrough.co.uk/blog/new and make a new blog post...
Social Blogging is A
I think you should just leave the blog public. Like, wiki-style. That would be awesome.
shiningthrough
hmmmm, that was careless of me, thanks for the heads up. Would the last 4 posts happen to be from the same person by any chance? The social blogging suggestion is not a bad idea, has it been done before?
smudge
We're a team of Rails programmers who happened to stumble upon your security vulnerability and thought we'd let you know. My other comment was under the title "Social Blogging is A," but the others are all different people.
iamringo
I see you put authlogic in. Way to go : )
shiningthrough
I did indeed!