Next: Using Postgres to Make Our Login More Secure

Devise cannot absolutely prevent users from getting into our database that do not meet our security criteria. For example, Active Record provides the method update_attribute, which skips validations and could be used to insert a user with any email address into the USERS table. What we need is for the data layer itself to enforce our requirements.

Postgres’s check constraints can do this.

Footnotes

[9]

http://bundler.io/

[10]

https://github.com/plataformatec/devise

[11]

http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration

[12]

https://github.com/rails/turbolinks

[13]

https://github.com/rails/spring

[14]

http://rspec.info/

[15]

http://guides.rubyonrails.org/command_line.html#rails-generate ...

Get Rails, Angular, Postgres, and Bootstrap now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial