How can I email password to user that is stored in SHA1 encrypted format? Thanks -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
as far as i know, you can''t decrypt it, so what we do, is to send him a new one, we randomly generate -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Presumably this is to allow a user access to an account after they''ve forgotten their password. It would be much safer to generate a new random password for them and send that to the email address you have on file, not one they specify when the password is requested. You could also disable the account until they click a confirmation link in an email. Gareth ----- Gareth Howells, CertHE (Dunelm), BCS CEO, GForce Industries gareth-ODTVTU26xab9EGf1dU50t5JpZx93mCW/@public.gmane.org 07862725134 GForce Industries 86, Warwick Avenue, Quorn, Loughborough, LEICS. LE12 8HE ----- Original Message ----- From: "Vapor .." <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> To: <rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org> Sent: Wednesday, December 19, 2007 11:23 AM Subject: [Rails] Mailing encrypted password to user> > How can I email password to user that is stored in SHA1 encrypted > format? > Thanks > -- > Posted via http://www.ruby-forum.com/. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Gareth Howells wrote:> Presumably this is to allow a user access to an account after they''ve > forgotten their password. It would be much safer to generate a new > random > password for them and send that to the email address you have on file, > not > one they specify when the password is requested. You could also disable > the > account until they click a confirmation link in an email. > > GarethBut in this scenario, I can reset anybody''s password and disable account just by giving his email address. And the target will have to activate everytime. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 19 Dec 2007, at 11:23, Vapor .. wrote:> > How can I email password to user that is stored in SHA1 encrypted > format? > ThanksSHA1 isn''t an encryption method. it''s a one-way hash. Fred> > -- > Posted via http://www.ruby-forum.com/. > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 12/19/07, Vapor .. <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > Gareth Howells wrote: > > Presumably this is to allow a user access to an account after they''ve > > forgotten their password. It would be much safer to generate a new > > random > > password for them and send that to the email address you have on file, > > not > > one they specify when the password is requested. You could also disable > > the > > account until they click a confirmation link in an email. > > > > Gareth > > But in this scenario, I can reset anybody''s password and disable account > just by giving his email address. And the target will have to activate > everytime.Create a random token and mail them a link containing that. Only when they use that link you let them specify a new password or create one for them. Sincerely, Isak> -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> Create a random token and mail them a link containing that. Only when > they use that link you let them specify a new password or create one > for them.I need a little help with this...suppose I send user this link with token at the end ... /user/reset_password/abc123 <- abc123 is random token...it is going to tell me something like template missing and stuff...how to deal with that? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On 12/19/07, Vapor .. <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > > Create a random token and mail them a link containing that. Only when > > they use that link you let them specify a new password or create one > > for them. > > I need a little help with this...suppose I send user this link with > token at the end ... /user/reset_password/abc123 <- abc123 is random > token...it is going to tell me something like template missing and > stuff...how to deal with that?If you''ve left the default route along in config/routes.rb That url should get mapped to :controller => UsersController, :action => :reset_password, :id => "abc123" So in your reset_password method you refer to the code as params[:id] If you want to you can create an explicit named route with: map.reset_password ''/user/reset_password/:activation_code'', :controller => ''user'', :action => ''reset_password'' -- Rick DeNatale My blog on Ruby http://talklikeaduck.denhaven2.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Rick Denatale wrote:> If you''ve left the default route along in config/routes.rb That url > should get mapped to > > :controller => UsersController, :action => :reset_password, :id => > "abc123" > > So in your reset_password method you refer to the code as params[:id] > > If you want to you can create an explicit named route with: > > map.reset_password ''/user/reset_password/:activation_code'', > :controller => ''user'', :action => ''reset_password''Thanks :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---