Mailing encrypted password to user

How can I email password to user that is stored in SHA1 encrypted
format?
Thanks

As far as I know, you can’t decrypt it, so what we do is send him a
new one that we randomly generate.

Presumably this is to allow a user access to an account after they’ve
forgotten their password. It would be much safer to generate a new random
password for them and send that to the email address you have on file, not
one they specify when the password is requested. You could also disable the
account until they click a confirmation link in an email.

Gareth


Gareth Howells, CertHE (Dunelm), BCS
CEO, GForce Industries


----- Original Message -----
From: “Vapor …” [email protected]
To: [email protected]
Sent: Wednesday, December 19, 2007 11:23 AM
Subject: [Rails] Mailing encrypted password to user

On 19 Dec 2007, at 11:23, Vapor … wrote:

How can I email password to user that is stored in SHA1 encrypted
format?
Thanks

SHA1 isn’t an encryption method. It’s a one-way hash.

Fred

On 12/19/07, Vapor … [email protected] wrote:

Gareth

But in this scenario, I can reset anybody’s password and disable account
just by giving his email address. And the target will have to activate
every time.

Create a random token and mail them a link containing that. Only when
they use that link you let them specify a new password or create one
for them.

Sincerely,
Isak

Create a random token and mail them a link containing that. Only when
they use that link you let them specify a new password or create one
for them.

I need a little help with this…suppose I send user this link with
token at the end … /user/reset_password/abc123 <- abc123 is random
token…it is going to tell me something like template missing and
stuff…how to deal with that?

On 12/19/07, Vapor … [email protected] wrote:

Create a random token and mail them a link containing that. Only when
they use that link you let them specify a new password or create one
for them.

I need a little help with this…suppose I send user this link with
token at the end … /user/reset_password/abc123 <- abc123 is random
token…it is going to tell me something like template missing and
stuff…how to deal with that?

If you’ve left the default route alone in config/routes.rb, that URL
should get mapped to

:controller => UsersController, :action => :reset_password, :id => "abc123"

So in your reset_password method you refer to the code as params[:id]

If you want to you can create an explicit named route with:

map.reset_password '/user/reset_password/:activation_code',
  :controller => 'user', :action => 'reset_password'


Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/
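
The token flow suggested in this thread (mail a random token, change the password only when the link is used) can be sketched as below. This is an added example, not code from any poster; `ResetTokenStore`, its method names, the 30-minute lifetime and the in-memory hash standing in for a database table are all assumptions.

```ruby
require 'securerandom'
require 'digest/sha2'

# Hypothetical in-memory store standing in for a database table (assumption).
class ResetTokenStore
  TTL = 30 * 60 # seconds a token stays valid (constructed value)

  def initialize
    @rows = {} # SHA-256(token) => { email:, expires_at: }
  end

  # Called from the "forgot password" form. Nothing about the account changes
  # here, so someone who types another person's address cannot reset or
  # disable that account; the owner only receives an email.
  def issue(email, now = Time.now)
    @rows.delete_if { |_, row| row[:email] == email } # one live token per account
    token = SecureRandom.urlsafe_base64(32)           # 256 bits from the OS CSPRNG
    @rows[digest(token)] = { email: email, expires_at: now + TTL }
    token # goes only into the mailed link: /user/reset_password/<token>
  end

  # Called from the reset_password action with the token taken from the URL
  # (params[:id] on the default route). Returns the email of the account whose
  # password may now be set, or nil. The row is deleted on first use, so a
  # replayed link fails.
  def redeem(token, now = Time.now)
    return nil unless token.is_a?(String) && !token.empty?
    row = @rows.delete(digest(token))
    return nil if row.nil? || now > row[:expires_at]
    row[:email]
  end

  private

  # Only the hash is stored, so a leaked table does not yield usable links.
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```
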

Gareth Howells wrote:

Presumably this is to allow a user access to an account after they’ve
forgotten their password. It would be much safer to generate a new random
password for them and send that to the email address you have on file, not
one they specify when the password is requested. You could also disable the
account until they click a confirmation link in an email.

Gareth

But in this scenario, I can reset anybody’s password and disable account
just by giving his email address. And the target will have to activate
every time.

Rick Denatale wrote:

If you’ve left the default route alone in config/routes.rb, that URL
should get mapped to

:controller => UsersController, :action => :reset_password, :id => "abc123"

So in your reset_password method you refer to the code as params[:id]

If you want to you can create an explicit named route with:

map.reset_password '/user/reset_password/:activation_code',
  :controller => 'user', :action => 'reset_password'

Thanks :)
