Hacker News new | past | comments | ask | show | jobs | submit login

For me the sweet spot is somewhere in between. If it just shipped with a decent auth module that would work for 90% of people, but that could also be easily replaced or extended if needed, that would be the best of both worlds.



Even rails doesn't ship with an auth module though. Lots of people use Devise and there is an equivalent for Elixir (Coherence)...but shipping with auth built in is an exploit waiting to happen IMO.


Rails ships with an auth module: http://api.rubyonrails.org/classes/ActiveModel/SecurePasswor...


has_secure_password is not an "auth module". That's simply a handy function to handle a password attribute... which an actual auth module can make use of if it desired.


My mistake. :) was that added in 5?

Am I reading that right or is it just comparing an unencrypted string to the encrypted version?


It was added in 3.1 (http://guides.rubyonrails.org/3_1_release_notes.html) and uses bcrypt under the hood.


Laravel does, and their more batteries included approach is nice in my opinion




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: