Displaying 20 results from an estimated 4000 matches similar to: "de-crypting Ruby password with php."
2007 Dec 31
1
Agile Web Dev w/Rails - Password Change
Happy New Year everyone.
Just wondering if anyone has coded the ability to allow a user to change
their password following the way the book (second edition) implements
administration.
Seems like I should be able to cut out the
password/password_confirmation portion of ''add_user'' form to create a
''change_pass'' form. The problem is I''m not sure how to go
2007 Nov 17
18
Syntax Problem
I admit I am stuck. I am converting a legacy php site to ROR. The old
site uses MD5, a security flaw waiting to happen. I upgraded to AAA
and am adding code in the session_controller.rb file to see if
crypted_password is blank. If it is, crypt and check the password
against the old md5 version and write it in the new crypted_password
field.
Here is my code add on before the logged_in?:
def
2008 Jun 20
15
before_save model callback rspec testing
hi all,
i''m learning rspec and i can''t figure out how to test if a callback is
executed in a model.
my model code is:
class User < ActiveRecord::Base
before_save :encrypt_password
...
def encrypt(password)
self.class.encrypt(password, salt)
end
thanks a lot,
cs.
--
Posted via http://www.ruby-forum.com/.
2006 Jul 27
2
Creating multiple objects from form data
I''m in the process of creating a sign up form for an online application.
The form collects account info, company info, and then info for an
administrative user.
The method looks like this:
def create
@account = Account.create!(params[:account])
@company = @account.companies.create!(params[:company])
@user = @company.users.create!(params[:user])
end
However, this inevitably fails
2006 Jan 20
10
Generating a long, unique "ticket" number.
Hello --
I would like to setup a system where a user can generate a "ticket".
This ticket will be stored indefinitely. The ticket will be sent to
someone who does not have an account on the system and therefore, I
would like to ensure some level of security in that ticket number.
Basically, the other user would receive an email like:
---
Please click on the link below to view this
2006 Jan 23
3
Encrypt/ Decrypt password
Hi,
I have user add/edit forms.While creating a user I tried the following
method to encrypt password and stored the encrypted password in the
table.
def self.sha1(pass)
Digest::SHA1.hexdigest("#{salt}--#{pass}--")
end
But when I try to edit the page I get the encrypted password in the
password field instead of the decrypted password. Is there any method
to decrypt
2010 Jan 18
3
The role of self and :: within a method of a model
Hey all,
I understand that a def self.abc, for example, is a class method, which
allows you to call its contents by just referencing model.abc (rather than
model.new.abc). However, what is its role when located in a method inside a
model like in the code below.
Also in the code below, you see :: located in the method. Isn''t that used
for modules and namespaces? If so, why is it located
2009 Apr 21
11
can we decrypt the cipher encrypted using Digest::SHA1.hexdigest
what i have done is as follows
password = Digest::SHA1.hexdigest("#{salt}:#{password}")
pass1 = Digest::SHA1.hexdigest("#{salt}:asdfgh")
pass2 = Digest::SHA1.hexdigest("#{salt}:asdfgh")
pass3 = Digest::SHA1.hexdigest("#{salt}:qwerty")
puts pass1==pass2
puts pass1==pass3
This works fine
but i need to get the decrypted password
how can i get it
any help is
2006 Apr 21
1
Catch authentication result from a model in a controller
Im still following the authorization recipe from the book, now all works
fine but im getting trouble in how handle the model authorization
result, if the user and pass are correct, it goes to a welcome
screen(admin.rhtml) but if wrong the model prints a message in an ugly
exception like page "usr and pass not correct", i want to redirect the
user to the login
2006 Jul 17
19
updating model
hello,
i am writing a simple user login system.
when registering a user account, i have two field:
password
password_confirmation
which are validated using
validates_presence_of
validates_confirmation_of
and these are then used to generate a password hash which is stored in
my database
when i want to update the record (without changing the password and
entering new values for password and
2006 Aug 07
1
Help please: database column not taking
I created a simple registration form. One column doesn''t seem to be
taking the input. I''ve yet to put in any validation or error
checking.
The column in the database is called ''level'' and is type ''int''
The controller method is fairly simple:
def register
c = User.new(params[:user])
c.save
redirect_to :controller =>
2006 Apr 14
7
SHA2 Issues
Hello all,
Thank you in advance for your help with this. I am trying to implement
the user authentication method from Ruby Recipes which calls for the use
of SHA 2. Here is the code for the password:
def password=(pass)
salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
self.password_salt, self.password_hash = salt,
Digest::SHA256.hexdigest(pass + salt)
end
I open
2006 Aug 02
3
Need help with registration page
I have most of my books open as I''m trying to create this app. Still
not sure how to make this work - hopefully some help / hints can get
me further.
First I used the "authorizing users" recipe from Rails Recipes. Though
I did add some more generic type of registration fields (email,
address, etc).
I want the registration form on the main page(index) of the site.
What I have
2007 Mar 30
7
Some additional attacks on Cookie Session
Aside from the replay attacks discussed, there are some other attack
vectors on the cookie_session store.
I appreciate (and admire!) Jeremy''s good humor on all of this:
> Planting the seed here led to quick ripening and plenty of pesticide.
> Thanks for the fish, all.
>
> jeremy
Anyway, here''s what we came up with:
1. Brute Force
SHA512 can be computed _very_ fast.
2009 Nov 09
4
Decrypt a admin password (with salt)
Hello,
I want decrypt a password which is encrypted by MD5.
there are 4 functions which i am using :
# Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end
def authenticated?(password)
2006 Aug 16
5
validation on methods that aren''t part of the database.
using the Rails Recipes book, i went through the tutorial on setting up
authentication on a site. the tutorial was great, but it raises a few
questions.
the fields in the database are password_hash, and password_salt. the
tutorial creates another method for password that takes the value it was
given and hashes it and adds the 6 character salt at the end.
what if i want to perform validation
2017 Oct 27
3
Password encription
Aki Tuomi wrote:
> The use of salt, today, is to prevent the attacker from directly seeing
> who has same passwords. Of course it also will make a rainbow table
> attack less useful,
Not just less useful, but almost infeasible. Given the use of random
salts, you would have to generate (number of possible salts) rainbow
tables. This drastically changes the CPU/storage tradeoffs.
>
2007 Dec 06
2
Segmented regression
Hello all,
I have 3 time series (tt) that I've fitted segmented regression models
to, with 3 breakpoints that are common to all, using code below
(requires segmented package). However I wish to specifiy a zero
coefficient, a priori, for the last segment of the KW series (green)
only. Is this possible to do with segmented? If not, could someone point
in a direction?
The final goal is to
2016 Jul 21
4
Openssh use enumeration
On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote:
> I wonder if could be useful to set the fall back account to something user
> defined to avoid suggesting people add passwords to root, though I do like
> root since the account is always there,
Since committing that diff I've heard of people running in production
with no root password (ie *LK*, !! or similar).
2006 Dec 17
1
MySQL syntax for self.authenticate
How can I add a password in MySQL directly and match the one Rails
create? I understand that it uses SHA1 and then HEX, right (require
''digest/sha1''). But when I try that in MySQL the resulted string isn''t
the same.
This is what I do in MySQL:
SELECT SHA1(''password+salt'')
The result is process with SELECT HEX(''result'')
Btw, should