I''m trying to port an existing, home grown authentication system to use RESTful Authentication (and then RoleRequirement on top of that). I am concerned about how best to handle the existing user data in my users table so that legacy (pre-RESTful Auth users) can log in. I already have an existing users table with salt and hashed versions of passwords, so I''m assuming that I will simply have to have a way to detect which user records are pre-existing and ensure that I run the MD5 against them the "legacy" way. Obviously, all new user records end up with the RESTful Auth. hashing method applied to their passwords. I''m looking for advice from anyone who has had to do this type of conversion before. Thanks, Wes -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Colin Law
2009-Apr-02 07:38 UTC
Re: Migrating from homegrown auth. to RESTful Authentication
If you are happy with the security of your original hashing then you could just patch restful auth to use your existing technique. 2009/4/1 Wes Gamble <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>> > I''m trying to port an existing, home grown authentication system to use > RESTful Authentication (and then RoleRequirement on top of that). > > I am concerned about how best to handle the existing user data in my > users table so that legacy (pre-RESTful Auth users) can log in. > > I already have an existing users table with salt and hashed versions of > passwords, so I''m assuming that I will simply have to have a way to > detect which user records are pre-existing and ensure that I run the MD5 > against them the "legacy" way. > > Obviously, all new user records end up with the RESTful Auth. hashing > method applied to their passwords. > > I''m looking for advice from anyone who has had to do this type of > conversion before. > > Thanks, > Wes > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Fernando Perez
2009-Apr-02 12:34 UTC
Re: Migrating from homegrown auth. to RESTful Authentication
> I''m looking for advice from anyone who has had to do this type of > conversion before. > > Thanks, > WesOne way could be to allow users to reset the password by requesting a token sent by email. So that everybody will be forced to update their passwords. You''ll have to make it super clear so that users won''t get upset seeing they can''t log in anymore. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---