Good idea to send encrypted password with activation link

Is this a good idea to send an activation link with an encrypted password?

Felix Samy wrote:

Is this a good idea to send an activation link with an encrypted password?

Why would you want to send the encrypted password anywhere?

On Wed, Oct 6, 2010 at 8:41 AM, Ar Chron wrote:

Felix Samy wrote:

Is this a good idea to send an activation link with an encrypted password?

then encrypted password?
For what??

I recently started with Authlogic and it specifically uses a specifically generated temporary token for such so that it is not necessary to send an encrypted password or anything else. I think in general, security-wise, if you are using encryption you don't want a lot of your encrypted data floating around, as given a large enough sample available publicly it could theoretically be possible to determine your encryption keys.

David

PS, this is the Authlogic explanation. Their point is that the token expires, as unless you put in other safeguards if the encrypted password might be able to be used again, for security purposes it really should be reset. I think my previous explanation is probably highly unlikely.

http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/ActsAsAuthentic/PerishableToken
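The expiring-token approach discussed in this thread, as an added example that is not part of the original posts and is not Authlogic's own code: a random, single-use activation token with a lifetime, where only a digest of the token is stored and nothing derived from the password ever goes into the link. The class name, the 24-hour lifetime, the in-memory store and the `app.example` URL are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# In-memory stand-in for a database table (hypothetical, for illustration).
class ActivationTokens
  TTL = 24 * 60 * 60 # assumed lifetime in seconds

  def initialize
    @pending = {} # token digest => { user_id:, expires_at: }
  end

  # Issues a fresh random token for the user. The raw token goes into the
  # e-mailed link; only its SHA-256 digest is kept server-side, so a leaked
  # table does not yield usable links.
  def issue(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32) # 256 bits, unrelated to the password
    @pending[fingerprint(token)] = { user_id: user_id, expires_at: now + TTL }
    token
  end

  # Returns the user id on success, nil for an unknown, expired or
  # already-used token. The record is deleted on first lookup (single use).
  def redeem(token, now: Time.now)
    record = @pending.delete(fingerprint(token.to_s))
    return nil if record.nil? || now >= record[:expires_at]
    record[:user_id]
  end

  # Constructed sample URL; the host is a placeholder.
  def activation_url(token)
    "https://app.example/activate?token=#{token}"
  end

  private

  def fingerprint(token)
    Digest::SHA256.hexdigest(token)
  end
end
```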
