如何加密密码？ [英] How can I add basic encryption to password?

问题描述

我正在使用ruby在rails上创建一个基本的注册表单（我比较新的rails），而我想知道的是如何加密新用户的密码（出于明显的安全原因）？

这是我的注册页面：

 < script src =http： //code.jquery.com/jquery-latest.min.jstype =text / javascript>< / script> 
< script type =text / javascript> 
 $ .noConflict（）; 
 jQuery（document）.ready（function（$）{
 $（'a.close'）。click（function（）{
 $（this）.parent（）。fadeOut ）; 
}）; 
}）; 
< / script> 
<％if！flash.now [：notice] .blank？ ％GT; 
< div class =alert-message error> 
< a class =closehref =＃>×< / a> 
< p>< strong><％= flash.now [：notice] [0]％>< / strong>< / p> 
< / div> 
<％end％> 
< div class =alert-message info> 
< p>< strong>加入我们。简单到1 2 3。< / strong>< / p> 
< / div> 
<％form_for：user do | f | ％GT; 
< p>电子邮件：< br /> <％= f.text_field：email％>< / p> 
< p>名称：< br /> <％= f.text_field：name％>< / p> 
< p>用户名：< br /><％= f.text_field：username％>< / p> 
< p>密码：< br /> <％= f.password_field：password％>< / p> 
< p>博客< i>（可选）< / i> ;:< br /> <％= f.text_field：blog％>< / p> 
< p><％= submit_tag创建用户，：disable_with => 请等...，class => btn primary％>< / p> 
<％end％> 
  

而用户控制器：

  class UsersController< ApplicationController 
 def register 
 @user = User.new（params [：user]）
 if（request.post？和@ user.save）
 flash [：notice] = 帐户创建成功
 redirect_to root_path 
 else 
 flash.now [：notice] = @ user.errors.full_messages 
 end 
 end 
 def destroy 
 @user = User.find（params [：id]）
 @ user.destroy 
 redirect_to root_path 
 end 
 end 
  

任何帮助将不胜感激。
提前感谢

解决方案

你去：

  self.salt = ActiveSupport :: SecureRandom.base64（8）
 self.hashed_pa​​ssword = Digest :: SHA2.hexdigest（self.salt + submitted_pa​​ssword）
  

而对于身份验证：

  def password_correct？ 
 user.hashed_pa​​ssword == Digest :: SHA2.hexdigest（user.salt + password_to_confirm）
 end 
  

但像allesklar写的，Rails 3.1将是一个不错的选择。观看关于该主题的铁路档案。

I'm creating a basic sign up form using ruby on rails (I'm relatively new to rails), and what I want to know is how can I encrypt the new user's password (for obvious security reasons)?

Here's my registration page:

<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script>
<script type="text/javascript">
  $.noConflict();
  jQuery(document).ready(function($) {
    $('a.close').click(function(){
      $(this).parent().fadeOut();
    });
  });
</script>
<% if !flash.now[:notice].blank? %>
<div class="alert-message error">
  <a class="close" href="#">×</a>
  <p><strong><%= flash.now[:notice][0] %></strong></p>
</div>
<% end %>
<div class="alert-message info">
  <p><strong>Join us. It's as simple as 1 2 3.</strong></p>
</div>
<% form_for :user do |f| %>
  <p> Email: <br />  <%= f.text_field :email %></p>
  <p> Name: <br />  <%= f.text_field :name %></p>
  <p> Username:<br /><%= f.text_field :username %></p>
  <p> Password: <br />  <%= f.password_field :password %></p>
  <p> Blog <i>(optional)</i>: <br />  <%= f.text_field :blog %></p>
  <p><%= submit_tag "Create User", :disable_with => "Please wait...", :class => "btn primary" %></p>
<% end %>

And the User controller:

class UsersController < ApplicationController   
  def register
    @user = User.new(params[:user])
    if(request.post? and @user.save)
      flash[:notice] = "Account Created Successfully"
      redirect_to root_path      
    else
      flash.now[:notice] = @user.errors.full_messages
    end
  end
  def destroy
    @user = User.find(params[:id])
    @user.destroy
    redirect_to root_path
  end  
end

Any help would be appreciated. Thanks in advance.

解决方案

Here you go:

self.salt = ActiveSupport::SecureRandom.base64(8)
self.hashed_password = Digest::SHA2.hexdigest(self.salt + submitted_password)

And the for the authentication:

def password_correct?
  user.hashed_password == Digest::SHA2.hexdigest(user.salt + password_to_confirm)
end

But like allesklar wrote, Rails 3.1 will be a good choice. Watch the Railscasts on the subject.

这篇关于如何加密密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！