Show crypted password?

davidz101 · June 24, 2010, 6:18pm

In authlogic, I set the password field to “crypted password”

Is there a way to display a password, even if its “crypted”? What if
the user forgets the password and needs to recover it? How can I
recover a crypted password?

Thanks

davidz101 · June 24, 2010, 6:25pm

On Thu, Jun 24, 2010 at 9:17 AM, David Z. [email protected]
wrote:

In authlogic, I set the password field to “crypted password”

Is there a way to display a password, even if its “crypted”? What if
the user forgets the password and needs to recover it? How can I
recover a crypted password?

You don’t “recover” it. You reset it. User types in username, clicks
“reset password”. You lookup email address of user in DB and email
them a link with a secret token which allows them to choose a new
password. The secret token is kinda like a one-time-password which
only lets them change their password. You’ve prolly seen this sort of
thing with many websites?

–
Aaron T.
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
Those who would give up essential Liberty, to purchase a little
temporary
Safety, deserve neither Liberty nor Safety.
– Benjamin Franklin
“carpe diem quam minimum credula postero”

davidz101 · June 24, 2010, 6:37pm

On 24 Jun 2010, at 18:28, David Z. wrote:

password. The secret token is kinda like a one-time-password which
only lets them change their password. You’ve prolly seen this sort
of
thing with many websites?

Right, is it difficult to write out that “secret token”? hmm I’m
having trouble picturing how the code should look like

Google is your friend:
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/

Best regards

Peter De Berdt

davidz101 · June 24, 2010, 6:30pm

only lets them change their password. You’ve prolly seen this sort of
thing with many websites?

Right, is it difficult to write out that “secret token”? hmm I’m
having trouble picturing how the code should look like

davidz101 · June 24, 2010, 6:40pm

On 24 Jun 2010, at 18:28, David Z. wrote:

Right, is it difficult to write out that “secret token”? hmm I’m
having trouble picturing how the code should look like

… and GitHub - rejeep/authlogic-password-reset-tutorial: Authlogic Password Reset Tutorial

davidz101 · June 24, 2010, 6:42pm

http://www.google.com/search?q=authlogic+forgot+password

http://www.google.com/search?q=authlogic+forgot+passwordBe careful.
Some
examples may be quite old, but it will give you the big picture of how
to
implement this.
This one is quite interesting (and seems to be up to date):
GitHub - rejeep/authlogic-password-reset-tutorial: Authlogic Password Reset Tutorial
http://www.google.com/search?q=authlogic+forgot+password

Fernando B.

davidz101 · June 24, 2010, 6:38pm

On Thu, Jun 24, 2010 at 9:28 AM, David Z. [email protected]
wrote:

password. The secret token is kinda like a one-time-password which
only lets them change their password. You’ve prolly seen this sort of
thing with many websites?

Right, is it difficult to write out that “secret token”? hmm I’m
having trouble picturing how the code should look like

Have you tried googling for “authlogic reset password”? If not, why
not?

–
Aaron T.
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
Those who would give up essential Liberty, to purchase a little
temporary
Safety, deserve neither Liberty nor Safety.
– Benjamin Franklin
“carpe diem quam minimum credula postero”