如何在设计中禁用加密密码？ [英] How disable encrypting password in devise?

问题描述

如何在设计中禁用加密密码？

How disable encrypting password in devise?

推荐答案

我同意Shingara的观点。永远不要以可恢复的方式存储人们的密码。devise会存储散列（未加密）的密码，它们都是不可读的格式，但是区别在于您无法反转散列。

I agree with Shingara. You should never store people's passwords in an manner that's recoverable devise stores passwords hashed (not encrypted), they're both unreadable formats, but the difference is that you can't reverse the hashing.

如果您想知道为什么，这是为了让如果您的站点或数据库遭到破坏，黑客将无法窃取您的用户密码（用户有以下习惯：在几乎每个站点上都使用相同的密码）。您不想通过不对密码进行散列来显得愚蠢，而且您也没有借口，因为它是免费为您提供设计的。

If you're wondering why, this is so that if your site or database gets compromised, the hackers won't be able to steal your users passwords (users have a bad habit of using the same password on almost every site). You don't want to look silly by not hashing passwords, and you've no excuse since it's provided free for you with devise.

您唯一需要做的就是能够使用密码来授权用户，但仍可以使用哈希密码来完成。如果他们忘记了密码，则无需告诉用户密码，而只需将密码重置为新密码（设备也支持此密码）。

The only thing you need to be able to do with a password is authorize a user, which can still be done with a hashed password. You never need to tell users their password if they forget it, instead reset their password to something new (devise supports this too).

这篇关于如何在设计中禁用加密密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！