encrypting password on form submit?

A

Amanda ..

Hi there, I'm trying to use a form to create a user for a site. All the
information from the form is currently submitted to the database as is.
I want the password to be encrypted in the database, but I have no idea
how to do this. I have read a bit about WD5, but have no clue how to do
it really, could anybody help me out with this?

Here is my form:

<% form_for :user do |f| %>

<fieldset class="two-cols" id="createuser">
<label for="name">Name</label> <%= f.text_field :name, {:class =>
'text'} %><br /><br />
<label for="username">Username</label><%=f.text_field :username, {:class
=> 'text' } %> <br /><br />
<label for="password">Password</label><%=f.text_field :password, {:class
=> 'text' } %> <br /><br />
</fieldset>

<%=submit_tag 'Save', {:class => 'submit' } %>

<% end %>

Any explanations would be awesome, thanks in advance!
 
J

James Coglan

[Note: parts of this message were removed to make it a legal post.]

I have a plugin called has_password that abstracts away the SHA1-encryption.

ruby script/plugin install git://github.com/jcoglan/has_password.git

There's information in the README on how to use it, it's pretty
straightforward and just handles the password encryption, and has a hook to
notify you when an object's password changes so you can send emails etc.
There are other more complex plugins like acts_as_authenticated that do a
lot more than this, so see which suits you best.


2008/8/27 Amanda .. said:
Hi there, I'm trying to use a form to create a user for a site. All the
information from the form is currently submitted to the database as is.
I want the password to be encrypted in the database, but I have no idea
how to do this. I have read a bit about WD5, but have no clue how to do
it really, could anybody help me out with this?

Here is my form:

<% form_for :user do |f| %>

<fieldset class="two-cols" id="createuser">
<label for="name">Name</label> <%= f.text_field :name, {:class =>
'text'} %><br /><br />
<label for="username">Username</label><%=f.text_field :username, {:class
=> 'text' } %> <br /><br />
<label for="password">Password</label><%=f.text_field :password, {:class
=> 'text' } %> <br /><br />
</fieldset>

<%=submit_tag 'Save', {:class => 'submit' } %>

<% end %>

Any explanations would be awesome, thanks in advance!


--
James Coglan

Lead JavaScript Developer
theOTHERmedia
http://ojay.othermedia.org
+44 (0) 7771512510
 
A

Amanda ..

Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.
 
J

James Coglan

[Note: parts of this message were removed to make it a legal post.]

2008/8/27 Amanda .. said:
Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.



To encrypt a string:

require 'digest/sha1'
encrypted = Digest::SHA1.hexdigest(string)
 
A

Amanda ..

Fred said:
This will have to be done with clientâ€side scripting such as
Javascript, not serverâ€side Ruby.

okay well, since I haven't used much javascript, particularly with Ruby,
could you help me out with how I would use Javascript for this? I'm
guessing I would have to call a method when I submit the form and get
the string from the password box and encrypt it?


No idea how to do this really..any guidance would be great :)
 
J

James Coglan

[Note: parts of this message were removed to make it a legal post.]

2008/8/27 Fred Phillips said:
This will have to be done with client$B!>(Bside scripting such as
Javascript, not server$B!>(Bside Ruby.



Doing it in JavaScript is a bad idea -- not all users will have it enabled,
you'll need to use your own hashing function, etc. If you're really
concerned about sending passwords over the network, serve the page on an
https:// URL -- consult an Apache tutorial for setting that up, and use the
ssl_requirement Rails plugin.
 
T

Todd Benson

Hi there, I'm trying to use a form to create a user for a site. All the
information from the form is currently submitted to the database as is.
I want the password to be encrypted in the database, but I have no idea
how to do this. I have read a bit about WD5, but have no clue how to do
it really, could anybody help me out with this?

Here is my form:

<% form_for :user do |f| %>

<fieldset class="two-cols" id="createuser">
<label for="name">Name</label> <%= f.text_field :name, {:class =>
'text'} %><br /><br />
<label for="username">Username</label><%=f.text_field :username, {:class
=> 'text' } %> <br /><br />
<label for="password">Password</label><%=f.text_field :password, {:class
=> 'text' } %> <br /><br />
</fieldset>

<%=submit_tag 'Save', {:class => 'submit' } %>

<% end %>

I haven't used Rails in a while, but what happens in between the form
submission and the submission to the database. Surely, you have some
control over that?

Todd
 
A

Amanda ..

Todd said:
I haven't used Rails in a while, but what happens in between the form
submission and the submission to the database. Surely, you have some
control over that?

Todd

Thats what I'm not sure about/don't know how to do...I was hoping for
some simple way to submit WD5:)password) to the database or something
like that...I'm not very experienced with RoR or databases, so that's
why I'm having a hard time with this
 
A

Amanda ..

Kevin said:
Why? Has Amanda chosen to not use SSL to secure the client to server
communication ?

and I don't even know what ssl is lol, I will go look into it.
 
A

Amanda ..

Amanda said:
Thats what I'm not sure about/don't know how to do...I was hoping for
some simple way to submit WD5:)password) to the database or something
like that...I'm not very experienced with RoR or databases, so that's
why I'm having a hard time with this

I was hoping for something like what's outlined here:

http://www.bluehostforum.com/showthread.php?t=176

but that I can do in Ruby instead of PHP
 
D

Davi Vidal

Em Wednesday 27 August 2008, Amanda .. escreveu:
and I don't even know what ssl is lol, I will go look into it.

A-m-a-z-i-n-g.

You can't work with web development without know what SSL is. Neither you
could speak that you work with web development.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer


HTH,
--
Davi Vidal
--
E-mail: (e-mail address removed)
MSN : (e-mail address removed)
GTalk : (e-mail address removed)
Skype : davi vidal
YIM : davi_vidal
ICQ : 138815296
 
D

Davi Vidal

Em Wednesday 27 August 2008, Amanda .. escreveu:
Thats what I'm not sure about/don't know how to do...I was hoping for
some simple way to submit WD5:)password) to the database or something
like that...I'm not very experienced with RoR or databases, so that's
why I'm having a hard time with this


You mean "md5"?

You should go to (e-mail address removed) and buy your copy
of "Agile Web Development With Rails".

Enjoy.

--
Davi Vidal
--
E-mail: (e-mail address removed)
MSN : (e-mail address removed)
GTalk : (e-mail address removed)
Skype : davi vidal
YIM : davi_vidal
ICQ : 138815296
 
A

Amanda ..

Davi said:
Em Wednesday 27 August 2008, Amanda .. escreveu:

A-m-a-z-i-n-g.

You can't work with web development without know what SSL is. Neither
you
could speak that you work with web development.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer


okay, so I know that I need to learn about SSL, but I don't think that's
what I'm after for this...

Maybe this will clarify:

We have a database where users/passwords/all their info is stored (this
database is not just for our site and contains way more entries than
would ever be required of our site). It is secure and uses SSL, I don't
really know how it works, I don't really need to.

What we're doing is using that database to to check if a user exists.
Once a username and password are entered into the login for the first
time, that user's information is then stored in a different database,
one specifically for our site so we can use their information on our
site. The problem is that we can't have any users that are not stored
in the larger database. In order to do this, I've set up a form (the
code is above) where an admin for the site can create a user...it all
works, except I want the password to be altered before it's actually
sent to the database.

What I need is a way to stop the password text_field from sending the
text directly to the database, then alter the text, and finally store it
in the database. In the "Agile Web Development With Rails" book, they
give an example of encryption, but I'm not sure how to use that with my
form.

I haven't even been web developing for 4 months, so I definitely don't
know all that I should, and I haven't had much success in searching
google or this rails development book for help with intercepting the
form's information before it gets sent to the database.
 
J

James Britt

Amanda said:
Maybe this will clarify:
What I need is a way to stop the password text_field from sending the
text directly to the database, then alter the text, and finally store it
in the database. In the "Agile Web Development With Rails" book, they
give an example of encryption, but I'm not sure how to use that with my
form.

I haven't even been web developing for 4 months, so I definitely don't
know all that I should, and I haven't had much success in searching
google or this rails development book for help with intercepting the
form's information before it gets sent to the database.

If you are building a Rails app you would do better to ask your
questions on the Rails mailing list.

It should be listed at rubyonrails.org

--
James Britt

www.happycamperstudios.com - Wicked Cool Coding
www.jamesbritt.com - Playing with Better Toys
www.ruby-doc.org - Ruby Help & Documentation
www.rubystuff.com - The Ruby Store for Ruby Stuff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top