代码中的管理凭证?-Admincredentialsrightinthecode?

So I'm building a blog app and now I need to build the Admin backend. Since im going to be the only user, is it a bad idea to just have a code snippet in my controller that says:

所以我正在构建一个博客应用程序，现在我需要构建管理后端。因为im将是唯一的用户，在我的控制器中有一个代码段说:

if params[:username] == myusername && params[:password] == mypassword

For the admin log in?

为管理员登录?

Could someone potentially get into my controller.rb file and get that info out?

有人可能进入我的控制器吗。rb文件，然后把信息发出去?

There are no other users or admins on the site so placing a table in my DB seems redundant.

站点上没有其他用户或管理员，所以在我的DB中放置一个表似乎是多余的。

1 个解决方案