security

Override Authlogic login error messages for better security

Authlogic is a cool plugin that handles authentication for Rails (and Merb, etc.). But I just ran into a problem with one of its assumptions (which more generally probably ties back to a Rails assumption): one error == one field == one message.

However, when dealing with authentication and other security mechanisms, the less information you leak out, the better the security. So error messages that distinguish an invalid username from an incorrect password may be friendly, but they let a would-be attacker confirm which usernames exist. Better to hide it all behind a general "Invalid login" message.

Encryption with the iPhone SDK and Security.framework

With all the great info out there about building for the iPhone, the documentation for using encryption is pretty woeful. The developer site talks about using the Security.framework, but when it gets down to actual code, there's not much there. And it's still a leap to go from what's provided in the simplistic examples to real world stuff.
