Forum: Ruby on Rails prevent form_for password_field from auto filling

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
09ca7bd1bc03a735ed913a9de3f4370b?d=identicon&s=25 Mindtonic (Guest)
on 2007-08-01 14:08
(Received via mailing list)
How do you tell a form not to automatically include the database

I do not want the password to appear.

<% form_for :user, :url => user_url(@user), :html => { :method
=> :put } do |f| -%>
  <p>Username:<br /><%= f.text_field :username, :size => 40 %></p>
  <p>Email:<br /><%= f.text_field :email, :size => 60 %></p>
  <p>Password:<br /><%= f.password_field :password, :size => 60 %></p>
<% end %>
821395fe70906c8290df7f18ac4ac6cf?d=identicon&s=25 Rick Olson (Guest)
on 2007-08-01 15:29
(Received via mailing list)
On 8/1/07, Mindtonic <> wrote:
>         <p>Password:<br /><%= f.password_field :password, :size => 60 %></p>
> <% end %>

Er, perhaps don't store the password in your model?  Use
password_field_tag otherwise.

Rick Olson
09ca7bd1bc03a735ed913a9de3f4370b?d=identicon&s=25 Mindtonic (Guest)
on 2007-08-01 17:00
(Received via mailing list)
How can I tell it not to store the password in the model.  I know that
it is pulling the properties directly from the database.
Ae82cad40a0caca9c932d45c7a9eb3cd?d=identicon&s=25 Michael Glaesemann (Guest)
on 2007-08-01 17:43
(Received via mailing list)
[[Please don't top post as it makes the discussion more difficult to

On Aug 1, 2007, at 9:59 , Mindtonic wrote:

> How can I tell it not to store the password in the model.  I know that
> it is pulling the properties directly from the database.

I believe what Rick is saying is don't store the password in the
database at all. For example, you can hash the password (with a salt
for better security) and store the hash and the salt in the database.
Check out the acts_as_authenticated or restful_authentication plugins
for examples of how this is done.

Michael Glaesemann
grzm seespotcode net
9347d4d9f9c4272f6a3297ea3a5976ac?d=identicon&s=25 Kip (Guest)
on 2007-08-02 03:31
(Received via mailing list)
If I understand correctly, the objective is to allow the user to enter
a password which is then updated in the database, but you don't want
the password displayed?  Is that correct?  Then if so, you could put
the following in your model

def password
  # return nothing so no one ever sees
  # the password

def password=(p)
 # if nothing provided and we already have a password set then don't
 # since we assume a password was set already. Otherwise
 # set the password
 if p.blank?
    write_attribute("password", p)

However this isn't a satisfactory real world solution.  Several good
password and authentication
schemes have been mentioned.  There's a good description one strategy
in Rails Recipes on page 135.

Cheers, --Kip
This topic is locked and can not be replied to.