encrypting password on form submit?

Discussion in 'Ruby' started by Amanda .., Aug 27, 2008.

  1. Amanda ..

    Amanda .. Guest

    Hi there, I'm trying to use a form to create a user for a site. All the
    information from the form is currently submitted to the database as is.
    I want the password to be encrypted in the database, but I have no idea
    how to do this. I have read a bit about WD5, but have no clue how to do
    it really, could anybody help me out with this?

    Here is my form:

    <% form_for :user do |f| %>

    <fieldset class="two-cols" id="createuser">
    <label for="name">Name</label> <%= f.text_field :name, {:class =>
    'text'} %><br /><br />
    <label for="username">Username</label><%=f.text_field :username, {:class
    => 'text' } %> <br /><br />
    <label for="password">Password</label><%=f.text_field :password, {:class
    => 'text' } %> <br /><br />
    </fieldset>

    <%=submit_tag 'Save', {:class => 'submit' } %>

    <% end %>

    Any explanations would be awesome, thanks in advance!
    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #1
    1. Advertising

  2. Amanda ..

    James Coglan Guest

    [Note: parts of this message were removed to make it a legal post.]

    I have a plugin called has_password that abstracts away the SHA1-encryption.

    ruby script/plugin install git://github.com/jcoglan/has_password.git

    There's information in the README on how to use it, it's pretty
    straightforward and just handles the password encryption, and has a hook to
    notify you when an object's password changes so you can send emails etc.
    There are other more complex plugins like acts_as_authenticated that do a
    lot more than this, so see which suits you best.


    2008/8/27 Amanda .. <>

    > Hi there, I'm trying to use a form to create a user for a site. All the
    > information from the form is currently submitted to the database as is.
    > I want the password to be encrypted in the database, but I have no idea
    > how to do this. I have read a bit about WD5, but have no clue how to do
    > it really, could anybody help me out with this?
    >
    > Here is my form:
    >
    > <% form_for :user do |f| %>
    >
    > <fieldset class="two-cols" id="createuser">
    > <label for="name">Name</label> <%= f.text_field :name, {:class =>
    > 'text'} %><br /><br />
    > <label for="username">Username</label><%=f.text_field :username, {:class
    > => 'text' } %> <br /><br />
    > <label for="password">Password</label><%=f.text_field :password, {:class
    > => 'text' } %> <br /><br />
    > </fieldset>
    >
    > <%=submit_tag 'Save', {:class => 'submit' } %>
    >
    > <% end %>
    >
    > Any explanations would be awesome, thanks in advance!
    > --
    > Posted via http://www.ruby-forum.com/.
    >
    >



    --
    James Coglan

    Lead JavaScript Developer
    theOTHERmedia
    http://ojay.othermedia.org
    +44 (0) 7771512510
    James Coglan, Aug 27, 2008
    #2
    1. Advertising

  3. Amanda ..

    Amanda .. Guest

    Thanks for your response, but do you know of a way to just encrypt the
    password when the form is submitted? (ie encrypt the string in the text
    field before it gets stored into the database) I really just need to
    know how to do this with the type of form I have above.




    James Coglan wrote:
    > I have a plugin called has_password that abstracts away the
    > SHA1-encryption.
    >
    > ruby script/plugin install git://github.com/jcoglan/has_password.git
    >
    > There's information in the README on how to use it, it's pretty
    > straightforward and just handles the password encryption, and has a hook
    > to
    > notify you when an object's password changes so you can send emails etc.
    > There are other more complex plugins like acts_as_authenticated that do
    > a
    > lot more than this, so see which suits you best.
    >

    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #3
  4. Amanda ..

    James Coglan Guest

    [Note: parts of this message were removed to make it a legal post.]

    2008/8/27 Amanda .. <>

    > Thanks for your response, but do you know of a way to just encrypt the
    > password when the form is submitted? (ie encrypt the string in the text
    > field before it gets stored into the database) I really just need to
    > know how to do this with the type of form I have above.




    To encrypt a string:

    require 'digest/sha1'
    encrypted = Digest::SHA1.hexdigest(string)
    James Coglan, Aug 27, 2008
    #4
  5. Amanda ..

    Amanda .. Guest

    Fred Phillips wrote:
    > This will have to be done with clientâ€side scripting such as
    > Javascript, not serverâ€side Ruby.


    okay well, since I haven't used much javascript, particularly with Ruby,
    could you help me out with how I would use Javascript for this? I'm
    guessing I would have to call a method when I submit the form and get
    the string from the password box and encrypt it?


    No idea how to do this really..any guidance would be great :)
    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #5
  6. Amanda ..

    James Coglan Guest

    [Note: parts of this message were removed to make it a legal post.]

    2008/8/27 Fred Phillips <>

    > On Thu Aug 28 01:04:24 2008, Amanda .. wrote:
    > > Thanks for your response, but do you know of a way to just encrypt the
    > > password when the form is submitted? (ie encrypt the string in the text
    > > field before it gets stored into the database) I really just need to
    > > know how to do this with the type of form I have above.

    >
    > This will have to be done with client$B!>(Bside scripting such as
    > Javascript, not server$B!>(Bside Ruby.




    Doing it in JavaScript is a bad idea -- not all users will have it enabled,
    you'll need to use your own hashing function, etc. If you're really
    concerned about sending passwords over the network, serve the page on an
    https:// URL -- consult an Apache tutorial for setting that up, and use the
    ssl_requirement Rails plugin.
    James Coglan, Aug 27, 2008
    #6
  7. Amanda ..

    Todd Benson Guest

    On Wed, Aug 27, 2008 at 10:31 AM, Amanda .. <> wrote:
    > Hi there, I'm trying to use a form to create a user for a site. All the
    > information from the form is currently submitted to the database as is.
    > I want the password to be encrypted in the database, but I have no idea
    > how to do this. I have read a bit about WD5, but have no clue how to do
    > it really, could anybody help me out with this?
    >
    > Here is my form:
    >
    > <% form_for :user do |f| %>
    >
    > <fieldset class="two-cols" id="createuser">
    > <label for="name">Name</label> <%= f.text_field :name, {:class =>
    > 'text'} %><br /><br />
    > <label for="username">Username</label><%=f.text_field :username, {:class
    > => 'text' } %> <br /><br />
    > <label for="password">Password</label><%=f.text_field :password, {:class
    > => 'text' } %> <br /><br />
    > </fieldset>
    >
    > <%=submit_tag 'Save', {:class => 'submit' } %>
    >
    > <% end %>


    I haven't used Rails in a while, but what happens in between the form
    submission and the submission to the database. Surely, you have some
    control over that?

    Todd
    Todd Benson, Aug 27, 2008
    #7
  8. Amanda ..

    Amanda .. Guest

    Todd Benson wrote:
    > I haven't used Rails in a while, but what happens in between the form
    > submission and the submission to the database. Surely, you have some
    > control over that?
    >
    > Todd


    Thats what I'm not sure about/don't know how to do...I was hoping for
    some simple way to submit WD5:)password) to the database or something
    like that...I'm not very experienced with RoR or databases, so that's
    why I'm having a hard time with this

    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #8
  9. Amanda ..

    Amanda .. Guest

    Kevin Brown wrote:
    > Why? Has Amanda chosen to not use SSL to secure the client to server
    > communication ?


    and I don't even know what ssl is lol, I will go look into it.
    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #9
  10. Amanda ..

    Amanda .. Guest

    Amanda .. wrote:
    >
    > Thats what I'm not sure about/don't know how to do...I was hoping for
    > some simple way to submit WD5:)password) to the database or something
    > like that...I'm not very experienced with RoR or databases, so that's
    > why I'm having a hard time with this


    I was hoping for something like what's outlined here:

    http://www.bluehostforum.com/showthread.php?t=176

    but that I can do in Ruby instead of PHP
    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #10
  11. Amanda ..

    Davi Vidal Guest

    Em Wednesday 27 August 2008, Amanda .. escreveu:
    > Kevin Brown wrote:
    > > Why? Has Amanda chosen to not use SSL to secure the client to server
    > > communication ?

    >
    > and I don't even know what ssl is lol, I will go look into it.


    A-m-a-z-i-n-g.

    You can't work with web development without know what SSL is. Neither you
    could speak that you work with web development.

    http://en.wikipedia.org/wiki/Secure_Sockets_Layer


    HTH,
    --
    Davi Vidal
    --
    E-mail:
    MSN :
    GTalk :
    Skype : davi vidal
    YIM : davi_vidal
    ICQ : 138815296
    Davi Vidal, Aug 27, 2008
    #11
  12. Amanda ..

    Davi Vidal Guest

    Em Wednesday 27 August 2008, Amanda .. escreveu:
    > Todd Benson wrote:
    > > I haven't used Rails in a while, but what happens in between the form
    > > submission and the submission to the database. Surely, you have some
    > > control over that?
    > >
    > > Todd

    >
    > Thats what I'm not sure about/don't know how to do...I was hoping for
    > some simple way to submit WD5:)password) to the database or something
    > like that...I'm not very experienced with RoR or databases, so that's
    > why I'm having a hard time with this



    You mean "md5"?

    You should go to and buy your copy
    of "Agile Web Development With Rails".

    Enjoy.

    --
    Davi Vidal
    --
    E-mail:
    MSN :
    GTalk :
    Skype : davi vidal
    YIM : davi_vidal
    ICQ : 138815296
    Davi Vidal, Aug 27, 2008
    #12
  13. Amanda ..

    Amanda .. Guest

    Davi Vidal wrote:
    > Em Wednesday 27 August 2008, Amanda .. escreveu:
    >> Kevin Brown wrote:
    >> > Why? Has Amanda chosen to not use SSL to secure the client to server
    >> > communication ?

    >>
    >> and I don't even know what ssl is lol, I will go look into it.

    >
    > A-m-a-z-i-n-g.
    >
    > You can't work with web development without know what SSL is. Neither
    > you
    > could speak that you work with web development.
    >
    > http://en.wikipedia.org/wiki/Secure_Sockets_Layer



    okay, so I know that I need to learn about SSL, but I don't think that's
    what I'm after for this...

    Maybe this will clarify:

    We have a database where users/passwords/all their info is stored (this
    database is not just for our site and contains way more entries than
    would ever be required of our site). It is secure and uses SSL, I don't
    really know how it works, I don't really need to.

    What we're doing is using that database to to check if a user exists.
    Once a username and password are entered into the login for the first
    time, that user's information is then stored in a different database,
    one specifically for our site so we can use their information on our
    site. The problem is that we can't have any users that are not stored
    in the larger database. In order to do this, I've set up a form (the
    code is above) where an admin for the site can create a user...it all
    works, except I want the password to be altered before it's actually
    sent to the database.

    What I need is a way to stop the password text_field from sending the
    text directly to the database, then alter the text, and finally store it
    in the database. In the "Agile Web Development With Rails" book, they
    give an example of encryption, but I'm not sure how to use that with my
    form.

    I haven't even been web developing for 4 months, so I definitely don't
    know all that I should, and I haven't had much success in searching
    google or this rails development book for help with intercepting the
    form's information before it gets sent to the database.
    --
    Posted via http://www.ruby-forum.com/.
    Amanda .., Aug 27, 2008
    #13
  14. Amanda ..

    James Britt Guest

    Amanda .. wrote:

    >
    > Maybe this will clarify:
    >


    >
    > What I need is a way to stop the password text_field from sending the
    > text directly to the database, then alter the text, and finally store it
    > in the database. In the "Agile Web Development With Rails" book, they
    > give an example of encryption, but I'm not sure how to use that with my
    > form.
    >
    > I haven't even been web developing for 4 months, so I definitely don't
    > know all that I should, and I haven't had much success in searching
    > google or this rails development book for help with intercepting the
    > form's information before it gets sent to the database.


    If you are building a Rails app you would do better to ask your
    questions on the Rails mailing list.

    It should be listed at rubyonrails.org

    --
    James Britt

    www.happycamperstudios.com - Wicked Cool Coding
    www.jamesbritt.com - Playing with Better Toys
    www.ruby-doc.org - Ruby Help & Documentation
    www.rubystuff.com - The Ruby Store for Ruby Stuff
    James Britt, Aug 27, 2008
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    35
    Views:
    50,851
    Chris Uppal
    Nov 9, 2005
  2. Lionel

    encrypting password

    Lionel, Sep 10, 2006, in forum: Java
    Replies:
    13
    Views:
    650
    RedGrittyBrick
    Sep 12, 2006
  3. AAaron123
    Replies:
    2
    Views:
    2,154
    AAaron123
    Jan 16, 2009
  4. AAaron123
    Replies:
    1
    Views:
    1,335
    Oriane
    Jan 16, 2009
  5. Replies:
    3
    Views:
    671
Loading...

Share This Page