How do you tell a form not to automatically include the database information? I do not want the password to appear. <% form_for :user, :url => user_url(@user), :html => { :method => :put } do |f| -%> <p>Username:<br /><%= f.text_field :username, :size => 40 %></p> <p>Email:<br /><%= f.text_field :email, :size => 60 %></p> <p>Password:<br /><%= f.password_field :password, :size => 60 %></p> <% end %> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 8/1/07, Mindtonic <mindtonic-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > How do you tell a form not to automatically include the database > information? > > I do not want the password to appear. > > <% form_for :user, :url => user_url(@user), :html => { :method > => :put } do |f| -%> > <p>Username:<br /><%= f.text_field :username, :size => 40 %></p> > <p>Email:<br /><%= f.text_field :email, :size => 60 %></p> > <p>Password:<br /><%= f.password_field :password, :size => 60 %></p> > <% end %>Er, perhaps don''t store the password in your model? Use password_field_tag otherwise. -- Rick Olson http://lighthouseapp.com http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
How can I tell it not to store the password in the model. I know that it is pulling the properties directly from the database. On Aug 1, 2:28 pm, "Rick Olson" <technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 8/1/07, Mindtonic <mindto...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > How do you tell a form not to automatically include the database > > information? > > > I do not want the password to appear. > > > <% form_for :user, :url => user_url(@user), :html => { :method > > => :put } do |f| -%> > > <p>Username:<br /><%= f.text_field :username, :size => 40 %></p> > > <p>Email:<br /><%= f.text_field :email, :size => 60 %></p> > > <p>Password:<br /><%= f.password_field :password, :size => 60 %></p> > > <% end %> > > Er, perhaps don''t store the password in your model? Use > password_field_tag otherwise. > > -- > Rick Olsonhttp://lighthouseapp.comhttp://weblog.techno-weenie.nethttp://mephistoblog.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Glaesemann
2007-Aug-01 15:43 UTC
Re: prevent form_for password_field from auto filling
[[Please don''t top post as it makes the discussion more difficult to follow.]] On Aug 1, 2007, at 9:59 , Mindtonic wrote:> How can I tell it not to store the password in the model. I know that > it is pulling the properties directly from the database.I believe what Rick is saying is don''t store the password in the database at all. For example, you can hash the password (with a salt for better security) and store the hash and the salt in the database. Check out the acts_as_authenticated or restful_authentication plugins for examples of how this is done. Michael Glaesemann grzm seespotcode net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
If I understand correctly, the objective is to allow the user to enter a password which is then updated in the database, but you don''t want the password displayed? Is that correct? Then if so, you could put the following in your model def password # return nothing so no one ever sees # the password "" end def password=(p) # if nothing provided and we already have a password set then don''t overwrite # since we assume a password was set already. Otherwise # set the password if p.blank? return else write_attribute("password", p) end end However this isn''t a satisfactory real world solution. Several good password and authentication schemes have been mentioned. There''s a good description one strategy in Rails Recipes on page 135. Cheers, --Kip On Aug 1, 11:43 pm, Michael Glaesemann <g...-RYEyMNgfJnVLeUupdtUFmg@public.gmane.org> wrote:> [[Please don''t top post as it makes the discussion more difficult to > follow.]] > > On Aug 1, 2007, at 9:59 , Mindtonic wrote: > > > How can I tell it not to store the password in the model. I know that > > it is pulling the properties directly from the database. > > I believe what Rick is saying is don''t store the password in the > database at all. For example, you can hash the password (with a salt > for better security) and store the hash and the salt in the database. > Check out the acts_as_authenticated or restful_authentication plugins > for examples of how this is done. > > Michael Glaesemann > grzm seespotcode net--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---