Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix readme errors

  • Loading branch information...
commit a03f931a5e892bd68046542fdceeb57287c28864 1 parent 418f14f
@binarylogic authored
Showing with 3 additions and 1 deletion.
  1. +1 −1  README.rdoc
  2. +2 −0  lib/authgasm/session/base.rb
View
2  README.rdoc
@@ -244,7 +244,7 @@ I don't necessarily think the current solutions are "wrong", nor am I saying Aut
Generators have their place, and it is not to add authentication to a rails app. It doesn't make sense. Generators are meant to be a starting point for repetitive tasks that have no sustainable pattern. Take controllers, the set up is the same thing over and over, but they eventually evolve to a point where there is no clear cut pattern. Trying to extract a pattern out into a library would be extremely hard, messy, and overly complicated. As a result, generators make sense here.
-Authentication is a one time set up process for your app. It's the same thing over and over and the pattern never really changes. The only time it changes is to conform with newer / stricter security techniques. This is exactly why generators should not be an authentication solution. Generators add code to your application, once code crosses that line, you are responsible for maintaining it. You get to make sure it stays up with the latest and greatest security techniques. And when the plugin you used releases some major update, you can't just re-run the generator, you get to sift through the code to see what changed! Awesome! The cherry on top is the fact that you get to go through every app you've made and apply this update. You don't really have a choice either, because you can't ignore security updates.
+Authentication is a one time set up process for your app. It's the same thing over and over and the pattern never really changes. The only time it changes is to conform with newer / stricter security techniques. This is exactly why generators should not be an authentication solution. Generators add code to your application, once code crosses that line, you are responsible for maintaining it. You get to make sure it stays up with the latest and greatest security techniques. And when the plugin you used releases some major update, you can't just re-run the generator, you get to sift through the code to see what changed. You don't really have a choice either, because you can't ignore security updates.
Using a library that hundreds of other people use has it advantages. Probably one of the biggest advantages if that you get to benefit from other people using the same code. When Bob in California figures out a new awesome security technique and adds it into Authgasm, you get to benefit from that with a single update. The catch is that this benefit is limited to code that is not "generated" or added into your app. As I said above, once code is "generated" and added into your app, it's your responsibility.
View
2  lib/authgasm/session/base.rb
@@ -93,12 +93,14 @@ def controllers
# UserSession.new
# UserSession.new(login, password)
# UserSession.new(:login => login, :password => password)
+ # UserSession.new(User.first)
#
# If a user has more than one session you need to pass an id so that Authgasm knows how to differentiate the sessions. The id MUST be a Symbol.
#
# UserSession.new(:my_id)
# UserSession.new(login, password, :my_id)
# UserSession.new({:login => loing, :password => password}, :my_id)
+ # UserSession.new(User.first, :my_id)
#
# Ids are rarely used, but they can be useful. For example, what if users allow other users to login into their account via proxy? Now that user can "technically" be logged into 2 accounts at once.
# To solve this just pass a id called :proxy, or whatever you want. Authgasm will separate everything out.
Please sign in to comment.
Something went wrong with that request. Please try again.