I’m writing a ruby on rails application using mongoid and I’m wondering about the

Question

0

Asked: May 30, 20262026-05-30T21:57:41+00:00 2026-05-30T21:57:41+00:00

I’m writing a ruby on rails application using mongoid and I’m wondering about the

0

I’m writing a ruby on rails application using mongoid and I’m wondering about the security implications of storing users and admin users in the same document. My current implementation is using devise and kind of modeled on how activeadmin does it. The admin users are in a separate document so there isn’t any chance of someone escalating their privileges. This is a public facing site and there is some financial information involved.

But i’m curious if maybe I’m just making more work for myself and this is kind of unneeded.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-30T21:57:42+00:00

Editorial Team

2026-05-30T21:57:42+00:00Added an answer on May 30, 2026 at 9:57 pm

There shouldn’t be any implications as long as you prevent users from being able to update the mechanism for privileges. If you have a boolean flag called is_admin for example, ensuring that you have attr_protected :is_admin is vital to protect against mass-updated from changing this privilege.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m writing a ruby on rails application using mongoid and I’m wondering about the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply