Added restful authentication features

Pardon mf ignorance but what is the easiest way to take the
crypted_password that the restful authentication plugin stores in the
DB and extract the real password from it so that it can be placed in a
variable and then used in a view? I have seen some sources where
people are implimenting a forgot and reset function but I just want to
get at the password after its been stored.

On Oct 26, 4:22 pm, h3avyarms [email protected] wrote:

Pardon mf ignorance but what is the easiest way to take the
crypted_password that the restful authentication plugin stores in the
DB and extract the real password from it so that it can be placed in a
variable and then used in a view? I have seen some sources where
people are implimenting a forgot and reset function but I just want to
get at the password after its been stored.

You don’t. The password isn’t actually encrypted; rather an SHA1
digest of the password is stored in the DB.

Encryption is difficult, and secure management of the necessary keys
is perhaps moreso, so unless its a requirement (preferably a somehow
reasonable one) that users’ passwords be re-retrievable, just
implement password reset functionality and be done with it.

pharrington wrote:

On Oct 26, 4:22�pm, h3avyarms [email protected] wrote:

Pardon mf ignorance but what is the easiest way to take the
crypted_password that the restful authentication plugin stores in the
DB and extract the real password from it so that it can be placed in a
variable and then used in a view? I have seen some sources where
people are implimenting a forgot and reset function but I just want to
get at the password after its been stored.

You don’t. The password isn’t actually encrypted; rather an SHA1
digest of the password is stored in the DB.

To be more clear: the impracticality of reversal is the point of using
hash functions for storing passwords. It annoys me if I ever find out
that a site is able to “retrieve” my passwords. So much so that I
strongly consider not using the site at all.

Password recovery by resetting is the “right” solution.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs