User account design and security

Before starting, I use Ruby on Rails and the Devise gem to authenticate users.

Hi, I did some research on account security, and a while ago I found a blog post about this topic, but I can no longer find it. I read that when creating the login system you should have one model for the user, which contains the username, encrypted password and email. You must also have a model for the user account, which contains everything else. The user has an account.

I don't know if I'll explain it correctly, since I have not seen the blog post for several months, and I lost the bookmark.

Can someone explain how and why I should or should not do this? My application deals with money, so I need to cover my bases.

Thanks.

+3
2 answers

Using separate models for User (the model that handles basic authentication) and Account (the model that holds all the information about what the user can do, how, ...) can give you several advantages:

  • store the user's credentials in a secondary storage system with a higher level of security
  • restrict access to user data from other application artifacts (models, controllers, whatever)


+3
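The separation the answer above describes, as an added example that is not part of the original thread and not the Devise gem's code. It is a plain-Ruby stand-in for the two ActiveRecord models (hypothetical `User` and `Account` classes, no database), so it runs offline: `User` holds only the email and a PBKDF2 password digest, `Account` holds everything else and exposes a strong-parameters-style allowlist, so a form submission aimed at the account can never reach the credentials, and the money field can only change through a dedicated method rather than mass assignment.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the Devise-managed User model: credentials only.
class User
  ITERATIONS = 100_000
  attr_reader :id, :email

  def initialize(id:, email:, password:)
    @id = id
    @email = email
    @salt = SecureRandom.hex(16)
    @password_digest = digest(password, @salt)
  end

  # Devise does the equivalent with bcrypt; PBKDF2 from the stdlib keeps this runnable offline.
  def valid_password?(candidate)
    secure_compare(@password_digest, digest(candidate, @salt))
  end

  private

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("sha256")).unpack1("H*")
  end

  # Constant-time comparison so a timing difference cannot leak digest prefixes.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical stand-in for the Account model: everything that is not a credential.
# It references the user by id only, so nothing here can read or write the password or email.
class Account
  # Mirrors Rails strong parameters: only these keys may come from a form.
  PERMITTED = %i[display_name locale].freeze
  attr_reader :user_id, :attributes

  def initialize(user_id:)
    @user_id = user_id
    @attributes = { display_name: nil, locale: "en", balance_cents: 0 }
  end

  # Applies only allowlisted keys and returns the keys it refused, so the
  # controller can log an attempt to smuggle email/password/balance into a profile update.
  def update(params)
    keys = params.keys.map(&:to_sym)
    keys.each { |k| @attributes[k] = params.fetch(k, params[k.to_s]) if PERMITTED.include?(k) }
    keys - PERMITTED
  end

  # Money moves only through an explicit method, never through mass assignment.
  def credit!(cents)
    raise ArgumentError, "amount must be a positive Integer" unless cents.is_a?(Integer) && cents.positive?
    @attributes[:balance_cents] += cents
  end
end

if __FILE__ == $PROGRAM_NAME
  user = User.new(id: 1, email: "alice@example.com", password: "correct horse battery")
  account = Account.new(user_id: user.id)
  # Constructed form submission that tries to change credentials and balance via the profile form.
  rejected = account.update("display_name" => "Alice", "email" => "x@y.z", "balance_cents" => 99_999)
  puts "rejected keys: #{rejected.inspect}"
  puts "account: #{account.attributes.inspect}, user email still #{user.email}"
end
```

In a real Rails app the `User` would be the Devise model with `has_one :account`, and `Account#update` would be `account.update(params.require(:account).permit(:display_name, :locale))`; the point the example makes is that the permitted list lives on the model that has no credential columns at all.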


Source: https://habr.com/ru/post/1747690/
