Encrypting the password using Authlogic

gandhi-tush · February 5, 2010, 6:20am

Hi,
I am using “Authlogic” for user authentication.
I have a excel file into which I have user deatils. I have to migrate
those details to the “users” table. For that I have written a script
which goes through the excel file and store the data into “users” table.
My code is like this:-
user=User.new
user.password=“password”
user.password_confirmation=“password”
user.save

I have added following code in user.rb-
acts_as_authentic do |c|
c.transition_from_restful_authentication = true
end

I am quite worried about the password created by the authlogic.
It is encrypting the password like this:-
“9b2dcddea0f2ecab44c195b36035cab8da14e719b51c696e704f885f29f8310939fb980d11434c545b43cfa9390b1e6b3d5dbb82f97289da9a1740eadda6b5ae”

Is it right? Or I am missing something.
Can anyone please help me out for this?

Thanks,
Tushar G.

gandhi-tush · February 5, 2010, 9:21am

Try logging in as this user to verify?

Authlogic will generate a unique salt for the user, and then hash the
password with that salt.
In this manner, you are never storing the plaintext passwords in the
database (a very good thing!) and even if your database is exposed
through some malicious attack, your accounts are still fairly well
protected against a broad-spectrum rainbow table attack.

Encrypting the password using Authlogic

I have added following code in user.rb- acts_as_authentic do |c| c.transition_from_restful_authentication = true end

I have added following code in user.rb-
acts_as_authentic do |c|
c.transition_from_restful_authentication = true
end