User Management - whats the most popular approach?

Hi all,

What’s the most common approach for implementing User Management such
that you don’t have to write it yourself. I mean already working
screens/functionality for (a) users to self-register, (b) administrators
to administer the users and their access rights, (c) hook this into your
applications AUTHENTICATION and AUTHORISATION?

I can already see options such as (including Plugins and Engine options)
from http://wiki.rubyonrails.org/rails/pages/Plugins:

• Acts As Authenticated Plugin

• Authorization Plugin

• Login Engine

• User Engine

What’s the most popular of these does anyone know (i.e. the more tried
and proven with most uptake I guess)

Thanks

I liked acts_as_authenticated. Simple, understandable yet malleable.
The engines stuff has been horribly buggy, at least when I tried it
last. I wouldn’t choose based on popularity. The Login Engine and User
Engine are far more popular than they deserve to be.

– G.

i like acts_as_auth as well. tried User/Login engine and realized i
liked more the ability to get in the code and extend/change. AAA’s
generators allow for that easier than the Engine approach.

ed

I’ve yet to see a good “slap this in and you have a full admin panel w/
user
controls” type of engine/plugin. The simple stuff is easy to build on,
but
i’d love to hear about something already done.

one of the user (engines or otherwise) + the streamlined[1] framework
will get you pretty close…

J

[1] streamlined screencast: http://streamlinedframework.net/pages/
download

incognito - what do you do then for authorization? and screens to manage
user access rights?

incognito wrote:

I liked acts_as_authenticated. Simple, understandable yet malleable.
The engines stuff has been horribly buggy, at least when I tried it
last. I wouldn’t choose based on popularity. The Login Engine and User
Engine are far more popular than they deserve to be.

– G.

Hi Jodi - how mature is this streamlined framework? Have you used it?

What did you mean by user + streamlined - did you mean you have to
complement streamlined with other components to make it cover user
management completely?

Jodi S. wrote:

one of the user (engines or otherwise) + the streamlined[1] framework
will get you pretty close…

J

[1] streamlined screencast: http://streamlinedframework.net/pages/
download

I would look at activerbac https://activerbac.turingstudio.com/trac if
you have complex needs. Its not flashy but its fully done and has
everything I have ever needed, or could be easily added.

On 8/18/06, Greg H. [email protected] wrote:

will get you pretty close…

–
Elliott C.
[email protected]
[email protected]

I tried login/user engine, then I switched to active_rbac, which I like
much better.

This was my experience. However I really do need to look at
acts_as_auth

On 8/19/06, Jason E. [email protected] wrote:

to administer the users and their access rights, (c) hook this into your

–
Elliott C.
[email protected]
[email protected]

I would like to hear why people are switching, if there is more than an
aesthetic to it

Is it a security issue?

Personally I love how easy to use the User and Login engines are

When I look at the other options I see more ‘stuff’ to configure

If you’re looking for something plain and simple:

You can always create a directory in public with the same name as the
controller you wish to protect

Add .htpasswd and .htaccess to those directories

BTW Streamline looks awesome

I’d stay far far away from engines, especially after burning my
fingers to fix them when we had a major security hole in rails.

Nononononono to engines ! Just use AAA/Streamlined.

-Pratik

On 8/19/06, Clayton C. [email protected] wrote:

To: [email protected]

Greg H. wrote:

Elliott C.
[email protected]
[email protected]

–
rm -rf / 2>/dev/null - http://null.in

Dont judge those who try and fail, judge those who fail to try…

Id rather not…but that’s just my opinion

The setup is well… not very elegant
No offense, but Id rather use .htaccess files

When are engines going to be secure again? Are they secure now?

Are they going to be pulled from the script/plugins list if they arent?

Is there any processes and/or protocols in place for testing plugins and
engines to make sure they are secure?

What exactly are the issues with using engines?

Please use facts
I don’t get persuaded otherwise

Tks Elliott - Did you look at the other alternatives people have
mentioned in this thread before picking this one?

Elliott C. wrote:

I would look at activerbac https://activerbac.turingstudio.com/trac if
you have complex needs. Its not flashy but its fully done and has
everything I have ever needed, or could be easily added.

On 8/18/06, Greg H. [email protected] wrote:

will get you pretty close…

–
Elliott C.
[email protected]
[email protected]

Pratik - what did you mean by AAA/Streamlined? What are these? Can you
provide some links? Would you be able to write a few words re the
benefits of this over the other plugins/engines that have been discussed
in this tread?

Tks

Pratik Naik wrote:

Nononononono to engines ! Just use AAA/Streamlined.

-Pratik

Engines depends on version of rails. So when people upgraded rails to
1.1.6, all of their engines support broke. And they had to wait for
1-2 days, till new version of engine came out which supports rails
1.1.6

I’m talking about dependency issue, not security.

Thanks,
Pratik

On 8/19/06, Clayton C. [email protected] wrote:

fingers to fix them when we had a major security hole in rails.

Is it a security issue?

screens/functionality for (a) users to self-register, (b)

[email protected]
rm -rf / 2>/dev/null - http://null.in

Dont judge those who try and fail, judge those who fail to try…

–
rm -rf / 2>/dev/null - http://null.in

Dont judge those who try and fail, judge those who fail to try…