> but the best-known Rails sample code is all vulnerable.
Rails is moving so fast now that most sample code is very outdated. Take authentication, for example: there are at least 5 different plugins, all favoured as the best way to authenticate in Rails at one time or another. Totally hopeless for a newbie to dig out which is the solution to go with, or at least it's a few days' trial and error, trying out tutorials here and there. I've done a few Rails projects on and off and each time I come back there's tons of new stuff, which is really great, but I would personally like to have more batteries included or "blessed" official plugins because I don't spend all my time in Rails land, and it's hard to keep track of all the new goodies.
I'm not sure what your point is, since every "serious" Rails app does need it, and even unserious web apps with "incidental" auth features can end up storing bank passwords.
I beg to differ. Here are "serious" websites that don't do user authentication:
- google.com (the original search engine)
- techmeme.com
- wikipedia (the original version)
- tinyurl
I could probably find dozens of examples, but those are just the ones I could find on my toolbar. And yes, those are not specifically Rails applications, but they do prove that there are web applications without user authentication.
Ok, I'm not sure you've noticed the past few years of Intertubing, but Google has the second most coveted authentication token on the net. I'm not sure what a techmeme.com is, but I definitely know that Wikipedia has logins, and admin logins, and like 3 levels of authentication above that.
Really interesting article.