Encrypt/ Decrypt password


#1

Hi,

I have user add/edit forms.While creating a user I tried the following
method to encrypt password and stored the encrypted password in the
table.

def self.sha1(pass)
Digest::SHA1.hexdigest("#{salt}–#{pass}–")
end

But when I try to edit the page I get the encrypted password in the 

password field instead of the decrypted password. Is there any method
to decrypt the stored password.

Thanks.
Sainaba.


#2

Nope! That’s why the digest works so well as an encrypted password.

You probably don’t want to edit the password as much as request
Old/New/Confirmed-new to verify that the Old produces the same digest
as what is stored, then save your New (assuming
validates_confirmation_of, that is).

-Rob


#3

You might look at sentry which does both encryption/decryption.
http://sentry.rubyforge.org/
-bakki kudva


#4

Sainaba Sainu wrote:

Hi,

I have user add/edit forms.While creating a user I tried the following
method to encrypt password and stored the encrypted password in the
table.

def self.sha1(pass)
Digest::SHA1.hexdigest("#{salt}–#{pass}–")
end

But when I try to edit the page I get the encrypted password in the 

password field instead of the decrypted password. Is there any method
to decrypt the stored password.

Thanks.
Sainaba.

YES.
just add this line before “def self.sha1(pass)…”

before_update :crypt_password