When to use Devise vs. Create Your Own Authentication

As indicated in the title: when should I use it, and when should I do my own authentication instead? In essence, I am wondering if the secure and secure authentication credentials are in some textbooks (like this one).

If I don’t need confirmation by email, recovery, etc. (a lot of "jazz" related to Devise), will the account information be as secure as if I created my own?

If you can still be confused by what I'm looking for, is to develop something that you should use when possible / when do you have accounts? Or is this really a solution?

Note: I am not referring specifically to Devise; any authentication instance can be substituted.

+5
3 answers

I used to use gems such as Devise until Rails added has_secure_password to ActiveRecord. Now I always roll my own, as in the end I always need some kind of customization that is difficult to implement in an existing library.

Ryan Bates has a great video on this topic here.

+6

implement my own authentication

Anytime you start thinking about whether to create your own authentication, you need to stop. Take this idea, trick it, douse it with gasoline and burn it!

Authentication is complex. There are subtleties in authentication, and developers who use CRUD-style programming will miss them. This is not meant as an insult. I am one of those programmers and I work in the security field. Recognize your strengths and weaknesses.

Thousands of hours of analysis, design, testing, and code development time have been spent in development (and in most popular authentication systems) in comparison with the base that you are going to do yourself.

I wrote a blog post about a “smart” security feature, which actually made the security of the company worse. This is a good example of how thin authentication and security can be!

+6

In my opinion, you should decide this according to your project. If you are working on a small web service with minimal functionality, you can add your own auth using the tools provided by Rails. But if you are working on a so-called "enterprise" project, a large project with rapidly growing functionality, you should definitely use Devise, since with this gem you will not spend time creating existing auth functions, and it is very easy to maintain and safe.

+1

Source: https://habr.com/ru/post/1207790/

