
When securing a web application, there are two things that must be taken into consideration: authentication and authorization. At a high level, authentication is “who are you?” and authorization is “are you allowed to be here?”. A while ago, we looked at pundit and cancan for authorization. Today, we’ll look at a new feature in Rails 7.1 called authenticate_by (and has_secure_password).