“Thanks goodness [sic], there’s only about a billion of these because DHH doesn’t think auth/auth [sic] belongs in the core.”
—George Hotelling at http://del.icio.us/revgeorge/authentication
I bet every web app you’ve ever worked on has needed some form of user security, and some people assume it makes sense to include some sort of standard authentication functionality in a “kitchen-sink” framework such as Rails. However, it turns out that user security is one of those areas of application design that usually involves a bit more business logic than anyone realizes upfront.
David Heinemeier Hansson has clearly stated his opinions1 on the matter, to help us understand why Rails does not include any sort of standard ...