So I’m building a blog app and now I need to build the Admin backend. Since I’m going to be the only user, is it a bad idea to just have a code snippet in my controller that says:
if params[:username] == myusername && params[:password] == mypassword
For the admin log in?
Could someone potentially get into my controller.rb file and get that info out?
There are no other users or admins on the site so placing a table in my DB seems redundant.
I do not recommend putting the credentials into the controller. This is simply the wrong place. You should at least put them into a config file. You should instead think about using Basic-Authentication if you just want to keep random visitors away from an admin area.
If you would like to know more about how simple it is to integrate authentication the Rails way, check out this RailsCast
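An added example, not part of the original answer: the check that HTTP Basic authentication performs, written in plain Ruby so it runs without Rails, with the credentials read from configuration instead of the controller source. The variable names `ADMIN_USER` and `ADMIN_PASSWORD` and all method names are assumptions made for this sketch; in a Rails controller the built-in `http_basic_authenticate_with` does the same job.

```ruby
require "digest"

# Constant-time comparison: hash both sides so the lengths match,
# then XOR every byte instead of stopping at the first difference.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse "Basic <base64(user:pass)>" and return [user, pass], or nil if malformed.
def parse_basic_auth(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  decoded = payload.strip.unpack1("m0")  # strict Base64; raises on bad input
  user, pass = decoded.split(":", 2)     # the password may itself contain ":"
  pass.nil? ? nil : [user, pass]
rescue ArgumentError
  nil
end

# Credentials come from configuration (hypothetical ADMIN_USER / ADMIN_PASSWORD
# environment variables), never from literals in the controller.
def admin_authorized?(header, env = ENV)
  expected_user = env["ADMIN_USER"]
  expected_pass = env["ADMIN_PASSWORD"]
  # Fail closed when the deployment has not set the credentials.
  return false if expected_user.to_s.empty? || expected_pass.to_s.empty?
  user, pass = parse_basic_auth(header)
  return false unless user
  # & rather than && so both comparisons always run.
  secure_equal?(user, expected_user) & secure_equal?(pass, expected_pass)
end

# Constructed sample request header and configuration, for illustration only.
sample_cfg    = { "ADMIN_USER" => "admin", "ADMIN_PASSWORD" => "pa:ss" }
sample_header = "Basic " + ["admin:pa:ss"].pack("m0")
puts admin_authorized?(sample_header, sample_cfg)
```

Basic authentication sends the credentials with every request in Base64 only, so the admin area needs to be served over HTTPS.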