[Rails] using subdomains as account keys
Tim Lucas
t.lucas at toolmantim.com
Thu Mar 3 02:10:37 GMT 2005
On 03/03/2005, at 4:13 AM, Nicholas Wieland wrote:
> I finally managed to use subdomains as account keys, just as in
> tadalist.
Cool.
> Now I have an "account" variable in all my controllers, and was thinking
> about what implications I'm going to have on security, because the
> accounts table contains all account crypted passwords (of course).
> Is it secure or not?
I don't think there's anything inherently insecure about it.
Only problem I could see is that if you allowed users to create their
own erb templates that you just executed blindly...
- tim lucas