I can't figure out why the Rails core team hasn't fixed this yet...

The form_authentication_token is composed of Base64 and it kills some Internet Explorer non-Browsers when the Base64 contains '=', '+' or '/' (which happens with Base64 sometimes).

The token is generated using ActiveSupport::SecureRandom. It hands out a method called base64(). And, here is the surprise, it also hands out a method called hex(). Why the core team hasn't changed the base64(32) to hex(32) some odd releases of Rails ago is beyond me.

...that was the goal.

I had a glance over at this lil' comparison when I was looking for a good authentication plugin (I like plugins, they save me code writing) and I gloomed.

All I wanted was something to authenticate a user with. Something that has knowledge of a username and password and can combine the two together so that you can say; "That girl at the other end is Alice after all".

I was browsing through my lost tweets and found this tweet by Mojombo, promoting this wonderful idea called Effigy.

I am wonderfully amazed by the simplicity of the concept and wonder why I it hasn't been done before (although Wicket does something similar). It gives true power to the View as seen as part of an MVC framework. The view tends to clutter with Control stuffs, but Effigy might have a good chance of stopping that.

I had to try it immediatly; and hooray! It works!

In Rails, the database connection hides behind an adapter. This adapter allows you to execute queries, but you cannot bind variables in a safe manner where the database driver does the escaping for you. Not something you want in a web-application where SQL injection should be on the top of your list of concerns.

Here's a little snippet of code to put in lib/adapter_connection.rb of your RAILS_ROOT to be able to obtain the true connection and start binding and escaping.