Thanks goodness [sic], there’s only about a billion of these because DHH doesn’t think auth/auth [sic] belongs in the core.
—George Hotelling at http://del.icio.us/revgeorge/authentication
If you’re building a web application, more often than not you will need some form of user security. User security can be broken up into two categories, authentication, which verifies the identity of a user, and authorization, which verifies what they are able to do in your application.
In version 3.1, Rails introduced
has_secure_password, which adds methods to set and authenticate against a BCrypt password. Although this functionality now exists in the framework, it is only a small part of a robust authentication ...