views:

58

answers:

2

If I have a different app on x-number of subdomains, it seems easiest to just have login be through the browser/javascript popup. Is this safe? Is it better to do this than server-side authentication? Do you have a little pastie on how to make the authentication popup and pass the info to say Rails?

+1  A: 

It's best to use server-side authentication for things such as hosting and the like, the security is much more elaborate and you can implement more checks and balances.

drlouie - louierd
+1  A: 

I would definitely use server side authentication. There's more flexibility, and its more secure.

I understand the desire to make things easier for the user, but security is one area where safe is better than easy.