
> Isn't that the type of thing a new dev is very likely to get wrong and get burned by?
I doubt it.

Hand-rolling your own authentication is trivial in Rails. There are plenty of good tutorials and blog posts about it. There's even a Railscast on it. Rails even has a secure password helper and a digest generator.

You're more likely to get burned by Devise when you want to make trivial customizations to it. You quickly get weird override methods in your User model and rigid behavior from code you can't grep.

I think rolling your own authentication is far more newb-friendly. You're only a handful of lines away from your own `current_user` helper, and you retain full control.




To my thinking, auth is hard and the complexities shouldn't be glossed over. And you don't want to bog a newbie down by making them understand what rainbow tables and replay attacks are. So it's better to skip that and circle back around later once they get some familiarity with web dev in general.
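For reference, an added example that is not part of either comment above: a framework-free Ruby sketch of what the hand-rolled approach involves, covering a per-user salted digest (the defense against the rainbow tables mentioned above), a constant-time check, and a `current_user` lookup. The `USERS` hash, the plain-Hash session, the iteration count and every helper name other than `current_user` are assumptions for illustration, and stdlib PBKDF2 is swapped in for the bcrypt digest that Rails' `has_secure_password` uses.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-ins: USERS plays the users table and a plain Hash plays
# the Rails session. PBKDF2 replaces the bcrypt used by has_secure_password.
ITERATIONS = 100_000 # assumed work factor, tune for your hardware
USERS = {}

# Returns "salt_hex$hash_hex"; a fresh random salt is drawn unless one is given.
def digest_password(password, salt = SecureRandom.random_bytes(16))
  hash = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                  length: 32, hash: "sha256")
  [salt, hash].map { |part| part.unpack1("H*") }.join("$")
end
DUMMY_DIGEST = digest_password(SecureRandom.hex(16))

# Compares every byte so the running time does not depend on where strings differ.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def authenticate(email, password)
  user = USERS[email]
  # Unknown accounts still pay for one digest so timing does not reveal them.
  stored = user ? user[:password_digest] : DUMMY_DIGEST
  salt = [stored.split("$").first].pack("H*")
  constant_time_eq?(digest_password(password, salt), stored) ? user : nil
end

def sign_up(email, password)
  USERS[email] = { id: USERS.size + 1, email: email,
                   password_digest: digest_password(password) }
end

def log_in(session, email, password)
  user = authenticate(email, password)
  return false unless user
  session.clear # stand-in for Rails' reset_session (blocks session fixation)
  session[:user_id] = user[:id]
  true
end

def current_user(session)
  USERS.values.find { |u| u[:id] == session[:user_id] } if session[:user_id]
end
```

Replay protection is not covered by this sketch; in a real app it depends on TLS and on how the session cookie is issued and expired.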



