What do you prefer in terms of Authentication?
Plugin – Restful Authentication (recommended) – easy to use and you can tweak it according to your requirements.
Build your own authentication. You should rarely need to do this … Restful Authentication is quite flexible.
OpenID – a universal authentication system to avoid use of multiple username and password on the Internet. OpenID is getting quite famous now-a-days.
Access Control : To easily proivde different priviliges to your users. There are a lot of cool plugins available for access control.
Centralized Authentication Server – is used to implement single login/password for your users across multiple application. It can also be used for a single sign-on system. For example, Gmail and Google Reader have a single sign-on between them.
Use Google Authentication API to let your users login using their google username and password.
More Plugins :
Rails inbuilt Authentication – http://ryandaigle.com/articles/2006/12/4/whats-new-in…
Acts_as_authenticated – http://technoweenie.stikipad.com/plugins/show/User+Authentication
Super Simple Authentication – http://ariejan.net/2007/08/24/super-simple-…
How secured is your Model?
The problem arises when metacharacters are injected into your queries to database. Rails has a very good support to avoid SQL injection if you follow conventions in issuing queries to your database.