encrypting password on form submit?

Hi there, I'm trying to use a form to create a user for a site. All the
information from the form is currently submitted to the database as is.
I want the password to be encrypted in the database, but I have no idea
how to do this. I have read a bit about WD5, but have no clue how to do
it really, could anybody help me out with this?

Here is my form:

<% form_for :user do |f| %>

<fieldset class="two-cols" id="createuser">
<label for="name">Name</label> <%= f.text_field :name, {:class =>
'text'} %><br /><br />
<label for="username">Username</label><%=f.text_field :username, {:class
=> 'text' } %> <br /><br />
<label for="password">Password</label><%=f.text_field assword, {:class
=> 'text' } %> <br /><br />
</fieldset>

<%=submit_tag 'Save', {:class => 'submit' } %>

<% end %>

Any explanations would be awesome, thanks in advance!
--
Posted via http://www.ruby-forum.com/.

[Note: parts of this message were removed to make it a legal post.]

I have a plugin called has_password that abstracts away the SHA1-encryption.

ruby script/plugin install git://github.com/jcoglan/has_password.git

There's information in the README on how to use it, it's pretty
straightforward and just handles the password encryption, and has a hook to
notify you when an object's password changes so you can send emails etc.
There are other more complex plugins like acts_as_authenticated that do a
lot more than this, so see which suits you best.


2008/8/27 Amanda .. <a.etherton@hotmail.com>

> Hi there, I'm trying to use a form to create a user for a site. All the
> information from the form is currently submitted to the database as is.
> I want the password to be encrypted in the database, but I have no idea
> how to do this. I have read a bit about WD5, but have no clue how to do
> it really, could anybody help me out with this?
>
> Here is my form:
>
> <% form_for :user do |f| %>
>
> <fieldset class="two-cols" id="createuser">
> <label for="name">Name</label> <%= f.text_field :name, {:class =>
> 'text'} %><br /><br />
> <label for="username">Username</label><%=f.text_field :username, {:class
> => 'text' } %> <br /><br />
> <label for="password">Password</label><%=f.text_field assword, {:class
> => 'text' } %> <br /><br />
> </fieldset>
>
> <%=submit_tag 'Save', {:class => 'submit' } %>
>
> <% end %>
>
> Any explanations would be awesome, thanks in advance!
> --
> Posted via http://www.ruby-forum.com/.
>
>


--
James Coglan

Lead JavaScript Developer
theOTHERmedia
http://ojay.othermedia.org
+44 (0) 7771512510

Thanks for your response, but do you know of a way to just encrypt the
password when the form is submitted? (ie encrypt the string in the text
field before it gets stored into the database) I really just need to
know how to do this with the type of form I have above.




James Coglan wrote:
> I have a plugin called has_password that abstracts away the
> SHA1-encryption.
>
> ruby script/plugin install git://github.com/jcoglan/has_password.git
>
> There's information in the README on how to use it, it's pretty
> straightforward and just handles the password encryption, and has a hook
> to
> notify you when an object's password changes so you can send emails etc.
> There are other more complex plugins like acts_as_authenticated that do
> a
> lot more than this, so see which suits you best.
>
--
Posted via http://www.ruby-forum.com/.

[Note: parts of this message were removed to make it a legal post.]

2008/8/27 Amanda .. <a.etherton@hotmail.com>

> Thanks for your response, but do you know of a way to just encrypt the
> password when the form is submitted? (ie encrypt the string in the text
> field before it gets stored into the database) I really just need to
> know how to do this with the type of form I have above.



To encrypt a string:

require 'digest/sha1'
encrypted = Digest::SHA1.hexdigest(string)

Fred Phillips wrote:
> This will have to be done with client‐side scripting such as
> Javascript, not server‐side Ruby.

okay well, since I haven't used much javascript, particularly with Ruby,
could you help me out with how I would use Javascript for this? I'm
guessing I would have to call a method when I submit the form and get
the string from the password box and encrypt it?


No idea how to do this really..any guidance would be great
--
Posted via http://www.ruby-forum.com/.

[Note: parts of this message were removed to make it a legal post.]

2008/8/27 Fred Phillips <fophillips@fophillips.org>

> On Thu Aug 28 01:04:24 2008, Amanda .. wrote:
> > Thanks for your response, but do you know of a way to just encrypt the
> > password when the form is submitted? (ie encrypt the string in the text
> > field before it gets stored into the database) I really just need to
> > know how to do this with the type of form I have above.
>
> This will have to be done with client$B!>(Bside scripting such as
> Javascript, not server$B!>(Bside Ruby.



Doing it in JavaScript is a bad idea -- not all users will have it enabled,
you'll need to use your own hashing function, etc. If you're really
concerned about sending passwords over the network, serve the page on an
https:// URL -- consult an Apache tutorial for setting that up, and use the
ssl_requirement Rails plugin.

On Wed, Aug 27, 2008 at 10:31 AM, Amanda .. <a.etherton@hotmail.com> wrote:
> Hi there, I'm trying to use a form to create a user for a site. All the
> information from the form is currently submitted to the database as is.
> I want the password to be encrypted in the database, but I have no idea
> how to do this. I have read a bit about WD5, but have no clue how to do
> it really, could anybody help me out with this?
>
> Here is my form:
>
> <% form_for :user do |f| %>
>
> <fieldset class="two-cols" id="createuser">
> <label for="name">Name</label> <%= f.text_field :name, {:class =>
> 'text'} %><br /><br />
> <label for="username">Username</label><%=f.text_field :username, {:class
> => 'text' } %> <br /><br />
> <label for="password">Password</label><%=f.text_field assword, {:class
> => 'text' } %> <br /><br />
> </fieldset>
>
> <%=submit_tag 'Save', {:class => 'submit' } %>
>
> <% end %>

I haven't used Rails in a while, but what happens in between the form
submission and the submission to the database. Surely, you have some
control over that?

Todd

Todd Benson wrote:
> I haven't used Rails in a while, but what happens in between the form
> submission and the submission to the database. Surely, you have some
> control over that?
>
> Todd

Thats what I'm not sure about/don't know how to do...I was hoping for
some simple way to submit WD5(assword) to the database or something
like that...I'm not very experienced with RoR or databases, so that's
why I'm having a hard time with this

--
Posted via http://www.ruby-forum.com/.

Kevin Brown wrote:
> Why? Has Amanda chosen to not use SSL to secure the client to server
> communication ?

and I don't even know what ssl is lol, I will go look into it.
--
Posted via http://www.ruby-forum.com/.

Amanda .. wrote:
>
> Thats what I'm not sure about/don't know how to do...I was hoping for
> some simple way to submit WD5(assword) to the database or something
> like that...I'm not very experienced with RoR or databases, so that's
> why I'm having a hard time with this

I was hoping for something like what's outlined here:

http://www.bluehostforum.com/showthread.php?t=176

but that I can do in Ruby instead of PHP
--
Posted via http://www.ruby-forum.com/.