Devise Admin View password

Hi Everyone

I am using Devise for authentication for my app.
Is there any way an Admin user can view other users' passwords as a normal
string, without storing their passwords as strings in the database?
Please advise.

Hi,

With Devise's vanilla config it’s not possible. You should look at a custom
encryptor
(How To: Create a custom encryptor · heartcombo/devise Wiki · GitHub)
with reversible encryption. But you really shouldn’t
do that; it’s a security breach and a violation of the client's private life. As a
sysadmin for many years now, I’ve never seen a good reason to keep
passwords readable.

On 07/01/2013 07:39, Saravanan P wrote:

Ok thanks Jérémie Horhant :slight_smile:

On Mon, Jan 7, 2013 at 1:01 PM, Jérémie Horhant <[email protected]> wrote:


You received this message because you are subscribed to the Google G.
“Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Regards by
Saravanan.P

In my case, Admin user can create many different sub-users. And he can view
their password too… :frowning:

On Mon, Jan 7, 2013 at 1:23 PM, Colin L. [email protected] wrote:



Regards by
Saravanan.P

On 7 January 2013 07:59, Saravanan P [email protected] wrote:

In my case, Admin user can create many different sub-users. And he can view
their password too… :frowning:

That does not explain /why/ he needs to be able to view the passwords.

Colin

On 7 January 2013 06:39, Saravanan P [email protected] wrote:

Hi Everyone

I am using Devise for authentication for my app.
Is there any way an Admin user can view other users' passwords as a normal string.

Why would you want to do that?

Colin

As an admin he can create many sub-users, and he will email the user details to
the person who is going to use them with the application.

On Mon, Jan 7, 2013 at 2:53 PM, Colin L. [email protected] wrote:



Regards by
Saravanan.P

I recommend you never set a password for a user. Instead, use the very
flexible Devise Invitable module to create a user without any password
set, and the requirement that s/he create a password before logging in.
The only thing sent to the new user is a cryptic token link (and these
time-bomb out after a definable time). As an admin, I do not want to be
in the business of knowing (or having to remind my users of) their
passwords – that’s what the “I forgot…” link is for!

Walter

Here it is, the huge security hole… Mails are sent in clear text and
virtually anyone can read them.

I suggest you generate a random password when an admin creates a sub-user,
then at the same time send it by mail with an obligation to
change it when the user logs in.

Or the simplest solution: generate a random password and don’t send it.
So the password is “lost”, and when the user wants to log in he can use
the “Forgotten password” link. Simple (all is ready in Devise) and
secure.
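
The flow recommended in the two replies above (the admin never sets or sees a password; the user gets a one-time, expiring token link and chooses the password), sketched in plain Ruby as an added example that is not code from this thread, Devise or devise_invitable. `InvitedUser`, `invite`, `accept_invite`, `token_digest` and `INVITE_TTL` are hypothetical names, and PBKDF2 from the standard library stands in for Devise's own password hashing.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory stand-in for a users table row (constructed for this example).
InvitedUser = Struct.new(:email, :password_hash, :invite_digest, :invite_sent_at)

INVITE_TTL = 3 * 24 * 3600 # assumed validity window for the link, in seconds

# Only this digest is stored, so a database read does not yield a usable link.
def token_digest(token)
  Digest::SHA256.hexdigest(token)
end

# Admin side: create the account without choosing or seeing any password.
# Returns [user, raw_token]; the raw token appears only in the emailed link.
def invite(email, now: Time.now)
  token = SecureRandom.urlsafe_base64(32)
  [InvitedUser.new(email, nil, token_digest(token), now), token]
end

# User side: redeem the link once, inside the window, and pick a password.
def accept_invite(user, token, new_password, now: Time.now)
  return :no_pending_invite if user.invite_digest.nil?
  return :expired if now - user.invite_sent_at > INVITE_TTL
  # Constant-time comparison of the stored digest and the presented token's digest.
  return :bad_token unless OpenSSL.secure_compare(user.invite_digest, token_digest(token))

  # One-way, salted hash: nobody, the admin included, can read the password back.
  salt = SecureRandom.random_bytes(16)
  key = OpenSSL::KDF.pbkdf2_hmac(new_password, salt: salt, iterations: 200_000,
                                 length: 32, hash: "sha256")
  user.password_hash = [salt, key].map { |bytes| bytes.unpack1("H*") }.join("$")
  user.invite_digest = nil # single use: the emailed link is dead from here on
  :ok
end
```

If the email carrying the link is intercepted after the user has accepted, the token is already cleared; if it is intercepted before, the exposure ends when the window expires.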

On 07/01/2013 10:35, Saravanan P wrote:

Ok, thank you Walter.

On Mon, Jan 7, 2013 at 10:43 PM, Walter Lee D. [email protected] wrote:

On Jan 7, 2013, at 5:27 AM, Jérémie Horhant wrote:



Regards by
Saravanan.P