Hi I am saving password with hashed_password and salt in table. Now I
need
to send those passwords via SMS can it be possible.Kindly give me some
suggestion plz .
Thanks in advance
Cheers
Hi I am saving password with hashed_password and salt in table. Now I
need
to send those passwords via SMS can it be possible.Kindly give me some
suggestion plz .
Thanks in advance
Cheers
You cannot un-hash those passwords. So no, it is not possible.
–
Dheeraj K.
THANKS DHEERAJ, IS IT IMPOSSIBLE FOR SURE
Even when you completely capitalize your question, yes.
–
Dheeraj K.
ok
Sending plaintext passwords is bad. Even across SMS. Generate a OTP
token
if you need to send them something.
~Johnneylee
Hi Johnneylee Rollins,
I am not sending plain text kindly read
above mail for what exactly I need.
On Wed, Jul 24, 2013 at 10:18 PM, Johnneylee Rollins <
How is a hashed password going to help a user?
On Jul 24, 2013, at 11:49 AM, honey ruby [email protected]
wrote:
Hi Johnneylee Rollins,
I am not sending plain text kindly read above
mail for what exactly I need.
You said you wanted to send passwords. You did not say you wanted to
send hashed_password. You’ll get better results if you take the care to
be precise in what you ask, rather than wasting everyone’s time with
ambiguous questions.
So, what do you actually want to do?
–
Scott R.
[email protected]
http://www.elevated-dev.com/
(303) 722-0567 voice
Well it wont help the user but it a strong password in rails. you can
not
retrieve that but you can update it. but you can not send it that is the
issue. too strong passwords
On Wed, Jul 24, 2013 at 11:20 PM, Johnneylee Rollins <
I have already mention in my first message it self seem you missed that.
I
have no intention to waste some one’s time.
On Wed, Jul 24, 2013 at 10:43 AM, honey ruby
[email protected]wrote:
Hi I am saving password with hashed_password and salt in table. Now I need
to send those passwords via SMS can it be possible.Kindly give me some
suggestion plz .
This line, in the English language, can be understood as “Now I need
those
passwords” meaning the passwords before hashing, since you don’t
differentiate between the first mention of passwords and the
hashed_password result. As a native English speaker, I’m letting you
know
that this is ambiguous and is what lead me to my understanding.
Now to answer all permutations of what you may have meant but don’t seem
interested in explaining further.
If the password you mention is the hashed password, that won’t do the
user
any good. If you accept the hashed password when authenticating, then
your
system is horribly broken. Completely.
If the password you mention is the password before it was hashed, then
you’re also what is called a plaintext offender. You shouldn’t do this
either.
If your intent, regardless of your question, is the ability to send the
user some kind of token that they can use to recover their account, then
that also has some issues you should be aware of.
Security and privacy in this regard is highly important. I wouldn’t
trust
SMS to be ‘secure’ in any way. It’s not private. Thusly my suggestion of
a
one time pass token may work for you. You might need to employ some
creativity to arrive at a more secure implementation.
If you don’t wish to address our questions, perhaps you can provide a
few
questions that will help us help you.
~Spaceghost
Are you building this for a “Forgot My Password” feature? You could look
into using Devise and password recovery is built right in.
If you still want to roll your own I’d recommend, at a minimum, you
instead
reset their password to a random password, email them the random
password
and let them reset it. That’s still not very secure though. Sending any
password in plain text defeats the purpose of hashing and storing your
passwords. There’s several better solutions like having user answer
security questions, sending them a link to a temporary obfuscated page
that
allows them to reset their password, etc. If you’re rolling your own
right
now though I definitely recommend looking into the Devise gem as it will
do
all this for you.
– Nate West http://about.me/natewest –
On Wed, Jul 24, 2013 at 10:00 AM, Dheeraj K.
On Wed, Jul 24, 2013 at 10:43 AM, honey ruby [email protected] wrote:
Hi I am saving password with hashed_password and salt in table. Now I need to
send those passwords via SMS can it be possible.Kindly give me some suggestion plz
.
Let me ask this: step back from your proposed solution, i.e. sending
something via SMS, and tell us what problem you’re actually trying to
solve.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs