Pardon mf ignorance but what is the easiest way to take the crypted_password that the restful authentication plugin stores in the DB and extract the real password from it so that it can be placed in a variable and then used in a view? I have seen some sources where people are implimenting a forgot and reset function but I just want to get at the password after its been stored.
On Oct 26, 4:22 pm, h3avyarms <biq...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Pardon mf ignorance but what is the easiest way to take the > crypted_password that the restful authentication plugin stores in the > DB and extract the real password from it so that it can be placed in a > variable and then used in a view? I have seen some sources where > people are implimenting a forgot and reset function but I just want to > get at the password after its been stored.You don''t. The password isn''t actually encrypted; rather an SHA1 digest of the password is stored in the DB. Encryption is difficult, and secure management of the necessary keys is perhaps moreso, so unless its a *requirement* (preferably a somehow reasonable one) that users'' passwords be re-retrievable, just implement password reset functionality and be done with it.
pharrington wrote:> On Oct 26, 4:22�pm, h3avyarms <biq...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> Pardon mf ignorance but what is the easiest way to take the >> crypted_password that the restful authentication plugin stores in the >> DB and extract the real password from it so that it can be placed in a >> variable and then used in a view? I have seen some sources where >> people are implimenting a forgot and reset function but I just want to >> get at the password after its been stored. > > You don''t. The password isn''t actually encrypted; rather an SHA1 > digest of the password is stored in the DB.To be more clear: the impracticality of reversal is the point of using hash functions for storing passwords. It annoys me if I ever find out that a site is able to "retrieve" my passwords. So much so that I strongly consider not using the site at all. Password recovery by resetting is the "right" solution. -- Posted via http://www.ruby-forum.com/.