Hi there, I’m trying to use a form to create a user for a site. All the
information from the form is currently submitted to the database as is.
I want the password to be encrypted in the database, but I have no idea
how to do this. I have read a bit about WD5, but have no clue how to do
it really, could anybody help me out with this?
Here is my form:
<% form_for :user do |f| %>
Name <%= f.text_field :name, {:class =>
'text'} %>
There’s information in the README on how to use it, it’s pretty
straightforward and just handles the password encryption, and has a hook
to
notify you when an object’s password changes so you can send emails etc.
There are other more complex plugins like acts_as_authenticated that do
a
lot more than this, so see which suits you best.
Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.
James C. wrote:
I have a plugin called has_password that abstracts away the
SHA1-encryption.
There’s information in the README on how to use it, it’s pretty
straightforward and just handles the password encryption, and has a hook
to
notify you when an object’s password changes so you can send emails etc.
There are other more complex plugins like acts_as_authenticated that do
a
lot more than this, so see which suits you best.
Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.
This will have to be done with clientâ€side scripting such as
Javascript, not serverâ€side Ruby.
okay well, since I haven’t used much javascript, particularly with Ruby,
could you help me out with how I would use Javascript for this? I’m
guessing I would have to call a method when I submit the form and get
the string from the password box and encrypt it?
No idea how to do this really…any guidance would be great
Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.
This will have to be done with clientâ€side scripting such as
Javascript, not serverâ€side Ruby.
Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.
This will have to be done with clientâ€side scripting such as
Javascript, not serverâ€side Ruby.
Doing it in JavaScript is a bad idea – not all users will have it
enabled,
you’ll need to use your own hashing function, etc. If you’re really
concerned about sending passwords over the network, serve the page on an
https:// URL – consult an Apache tutorial for setting that up, and use
the
ssl_requirement Rails plugin.
I haven’t used Rails in a while, but what happens in between the form
submission and the submission to the database. Surely, you have some
control over that?
I haven’t used Rails in a while, but what happens in between the form
submission and the submission to the database. Surely, you have some
control over that?
Todd
Thats what I’m not sure about/don’t know how to do…I was hoping for
some simple way to submit WD5(:password) to the database or something
like that…I’m not very experienced with RoR or databases, so that’s
why I’m having a hard time with this
Thats what I’m not sure about/don’t know how to do…I was hoping for
some simple way to submit WD5(:password) to the database or something
like that…I’m not very experienced with RoR or databases, so that’s
why I’m having a hard time with this
I was hoping for something like what’s outlined here:
I wouldn’t attempt to even do encryption in Javascript. You could, but
there would be no point. Learn how to use SSL (should be easy,
actually). Or Google for HTTPS; exact same thing, but may get you new
pages.
Then the client’s connection to the server is encrypted. From there, do
your SHA1 encryption (or whatever you want to use) before sending it to
the database. That should be all you need.
okay, so I know that I need to learn about SSL, but I don’t think that’s
what I’m after for this…
Maybe this will clarify:
We have a database where users/passwords/all their info is stored (this
database is not just for our site and contains way more entries than
would ever be required of our site). It is secure and uses SSL, I don’t
really know how it works, I don’t really need to.
What we’re doing is using that database to to check if a user exists.
Once a username and password are entered into the login for the first
time, that user’s information is then stored in a different database,
one specifically for our site so we can use their information on our
site. The problem is that we can’t have any users that are not stored
in the larger database. In order to do this, I’ve set up a form (the
code is above) where an admin for the site can create a user…it all
works, except I want the password to be altered before it’s actually
sent to the database.
What I need is a way to stop the password text_field from sending the
text directly to the database, then alter the text, and finally store it
in the database. In the “Agile Web D. With Rails” book, they
give an example of encryption, but I’m not sure how to use that with my
form.
I haven’t even been web developing for 4 months, so I definitely don’t
know all that I should, and I haven’t had much success in searching
google or this rails development book for help with intercepting the
form’s information before it gets sent to the database.
form’s information before it gets sent to the database.
If you are building a Rails app you would do better to ask your
questions on the Rails mailing list.
No idea how to do this really…any guidance would be great
Even if I could, I wouldn’t. As it has been said, encrypting like this
is a bad idea. You really need to encrypt after the form has been
sent using Ruby serverâ€side, before it is put into the database. Take
a look at this[1] module for secure password encryption in Ruby.