Hi all,
I’m actually working on a Control Panel to manage a mail system.
Until now, when I create a new mail account, I do an insert and protect
the password with the ENCRYPT('password') function.
I can’t change the method to SHA1 or MD5 because the SMTPd and IMAPd will
not support it.
Can you explain to me how to force RoR to rewrite the INSERT SQL query and
use ENCRYPT()?
Thank you in advance,
Damien
I think you have to create a custom query:
    INSERT INTO t VALUES (1, AES_ENCRYPT('text', 'password'));
Try it and let me know.
Ajit
Hi,
Thank you for the tip.
Finally, I used something like this in my model:
    # Apply encryption to the supplied password.
    def self.encrypt(pass)
      User.find_by_sql("select encrypt('#{pass}') as enc limit 1")[0]['enc']
    end

    before_create :crypt_password

    def crypt_password
      write_attribute "password", self.class.encrypt(password)
    end
On Aug 7, 2007, at 16:14 , Damien Babilon wrote:
> User.find_by_sql("select encrypt('#{pass}') as enc limit 1")[0]['enc']
And you’ve opened yourself wide open to SQL injection attacks.
Much safer (untested):
    sql = %(SELECT ENCRYPT(:password))
    User.find_by_sql([sql, {:password => pass}])
Michael G.
grzm seespotcode net
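
An added example, not code from anyone in the thread: it compares the interpolated query with the bound one by stripping string literals and checking whether the statement structure is still the one the developer wrote. `quote_mysql` is a simplified stand-in for the quoting ActiveRecord applies to a bind value, `skeleton` is a hypothetical helper, and the sample passwords are constructed; note that MySQL's `ENCRYPT()` accepts an optional second salt argument, which the third sample reaches through interpolation.

```ruby
# Added illustration: plain Ruby, no Rails or MySQL required.
# quote_mysql is a simplified stand-in (assumption) for the quoting that
# ActiveRecord applies when find_by_sql substitutes a :named bind value.
def quote_mysql(value)
  "'" + value.to_s.gsub(/[\\']/) { |c| "\\#{c}" } + "'"
end

# The pattern from the thread: the password is pasted into the SQL text.
def interpolated_sql(pass)
  "SELECT ENCRYPT('#{pass}') AS enc LIMIT 1"
end

# The bound form: the value is quoted before it reaches the SQL text.
def bound_sql(pass)
  "SELECT ENCRYPT(:password) AS enc LIMIT 1".sub(":password") { quote_mysql(pass) }
end

# Replace every single-quoted literal with "?" so only the statement
# structure is left. Returns nil when a literal is never closed.
def skeleton(sql)
  out = String.new
  i = 0
  while i < sql.length
    if sql[i] != "'"
      out << sql[i]
      i += 1
      next
    end
    i += 1 # step past the opening quote
    loop do
      return nil if i >= sql.length # unterminated literal
      if sql[i] == "\\" || (sql[i] == "'" && sql[i + 1] == "'")
        i += 2 # backslash escape or doubled quote: still inside the literal
      elsif sql[i] == "'"
        i += 1
        break
      else
        i += 1
      end
    end
    out << "?"
  end
  out
end

# Constructed sample passwords, not taken from the thread.
SAMPLES = ["s3cret", "O'Brien", "a', 'b"].freeze

SAMPLES.each do |pw|
  puts format("%-10s interpolated=%-38p bound=%p", pw.inspect,
              skeleton(interpolated_sql(pw)), skeleton(bound_sql(pw)))
end
```

With the bound form every sample reduces to `SELECT ENCRYPT(?) AS enc LIMIT 1`; with interpolation a single apostrophe breaks the statement and a quote-comma-quote sequence turns one argument into two.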