Rails Security
Very curious to hear some thoughts on using aspect filters to manage security at the ApplicationController level as opposed to at a specific controller (MemberController, for example). As a noob, I’m learning it’s considered safer to place a before_filter in the ApplicationController and then place a skip_before_filter in controllers where it’s not necessary. This is considered a less error prone approach as it avoids omissions.
I’ll be attending LA Ruby Conf this year and hopefully I’ll get the real life face time with other developers to get some actual feedback on these types of questions.
