views: 80
answers: 2

Before I begin, I am using Ruby on Rails and the Devise gem for user authentication.

Hi, I was doing some research about account security and I found a blog post about the topic a while ago, but I can no longer find it again. I read something about how, when making a login system, you should have one model for User, which contains a user's username, encrypted password, and email. You should also have a model for a user's Account. This contains everything else. A User has an Account.

I don't know if I'm explaining this correctly since I haven't seen the blog post for several months and I lost my bookmark.

Could someone explain how and why I should or shouldn't do this. My application deals with money so I need to cover my bases with security.

Thanks.

+1  A: 

Using different models to handle User (a model that handles basic authentication) and Account (a model that holds all the information about what a user can do, how, ...) could give you some pluses:

  1. storing User's data using a secondary storage system exposing a higher security level
  2. restricting User's data access by other application artifacts (models, controllers, whatever)
  3. making code review and security audit easier

I tend to add personal information (real name, phone number, ...) to the User model while exposing operational data about the user in the Account model (nickname, bio, ...).

Luca
Someone reading while I was typing suggested to implement point #1 installing a database in another dimension. I had to share.
Luca
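To make the split concrete, here is an added example (not from the question, the answer, or the Devise gem) of the User/Account pair in plain Ruby, so it runs without Rails. It assumes two classes: `User`, which holds only id, username, email and a salted password hash that is reachable solely through `#authenticate`, and `Account`, which holds the public profile data and refers back to the user by id only. Devise hashes passwords with bcrypt; the PBKDF2-HMAC-SHA256 from Ruby's stdlib OpenSSL used here is a stand-in chosen so the example has no gem dependency, and the hypothetical `render_profile` shows code that can work with an Account while being unable to reach credentials (point 2 in the answer).

```ruby
require 'openssl'
require 'securerandom'

# User: authentication data only. The hash and salt have no readers, so
# controllers, views and serialisers handed a User cannot leak them; the
# only operation on the secret is #authenticate.
class User
  ITERATIONS = 100_000   # stand-in work factor; Devise uses bcrypt cost instead
  KEY_LENGTH = 32

  attr_reader :id, :username, :email

  def initialize(id:, username:, email:, password:)
    @id = id
    @username = username
    @email = email
    @salt = SecureRandom.random_bytes(16)
    @encrypted_password = User.derive(password, @salt)
  end

  # True only if the candidate password derives the stored hash.
  def authenticate(password)
    User.secure_equal?(User.derive(password, @salt), @encrypted_password)
  end

  # What an API or log line is allowed to see: never the hash or salt.
  def to_h
    { id: @id, username: @username, email: @email }
  end

  # Keep the secret out of exception messages and debug output too.
  def inspect
    "#<User id=#{@id} username=#{@username}>"
  end

  # PBKDF2-HMAC-SHA256 via OpenSSL::KDF (newer Ruby) or OpenSSL::PKCS5 (older).
  def self.derive(password, salt)
    if defined?(OpenSSL::KDF)
      OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                               length: KEY_LENGTH, hash: 'sha256')
    else
      OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LENGTH, 'sha256')
    end
  end

  # Constant-time comparison: a near-miss costs the same as a total miss.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Account: everything the rest of the application needs about the person.
# It stores the user's id, not the User object, so nothing reached through
# an Account can get at email or credentials.
class Account
  attr_reader :user_id, :nickname, :bio

  def initialize(user:, nickname:, bio:)
    @user_id = user.id
    @nickname = nickname
    @bio = bio
  end

  def to_h
    { user_id: @user_id, nickname: @nickname, bio: @bio }
  end
end

# Hypothetical profile page: it is typed against Account only, so it cannot
# render (or accidentally leak) anything from the User model.
def render_profile(account)
  "#{account.nickname}: #{account.bio}"
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(id: 1, username: 'alice', email: 'alice@example.com',
                   password: 'correct horse battery staple')
  profile = Account.new(user: alice, nickname: 'ali', bio: 'pays on time')
  puts render_profile(profile)
  puts alice.authenticate('correct horse battery staple')
  puts alice.authenticate('wrong')
end
```

The separation buys nothing if `Account` keeps a reference to the whole `User` object or if `User` grows accessors for its hash; the point is that the class boundary is also the access boundary, which is what makes audit (point 3) a matter of reading one small class.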
A: 

Well, it looks like a good architectural decision to keep those models separate, because they refer to different entities: the User model belongs to the auth system and the Account model belongs to the user profile management system. But it all depends. If your models are really tiny (say, 3-5 fields each), you probably wouldn't get any advantage from such a separation, only additional headache. But if your models are large and, say, the User model is going to be used much more frequently, then you should think hard about implementing different models for clarity and performance reasons.

bsboris
Security practices shouldn't care about how large or tiny your data is or how complex your models are. A model holding my SSN or my credit card number should be far more hardened than a model holding all my public comments on this website. At least, I would.
Luca