Hello,

I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data.

To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic.

The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler.

I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc.

Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended?

Thanks!