I’ve implemented an authentication scheme that is basically Recipe #31
from the Rails Recipes book. I’m using the SHA 256 digest to generate
the hash that is stored in the database.
Are there any characters, which, if they were present in the submitted
password form field, would cause the digest to fail?
Basically, do I need to escape any of the characters that might be
submitted for the password from the user?
Thanks,
Wes
Wes G. wrote:
I’ve implemented an authentication scheme that is basically Recipe #31
from the Rails Recipes book. I’m using the SHA 256 digest to generate
the hash that is stored in the database.Are there any characters, which, if they were present in the submitted
password form field, would cause the digest to fail?Basically, do I need to escape any of the characters that might be
submitted for the password from the user?Thanks,
Wes
When I run the code below I get no errors.
Stephan
require ‘openssl’
digests = (0…255).to_a.collect { |c|
OpenSSL::Digest::SHA.hexdigest(c.chr) }
count = 0
digests.each do |s|
if s.length != ‘c6e20991c4a5ea747fdd7a9e3ce5210504a74e75’.length
puts “Not the right length for #{s}”
else
count += 1
end
end
(0…255).to_a.each { |c| puts OpenSSL::Digest::SHA.hexdigest(c.chr) }
puts “Looked at #{digests.length} digests; #{count} have the same
length.”
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs