How to get password from database using devise
193 views
Skip to first unread message
Manish Nautiyal
Jun 20, 2012, 9:04:30 AM6/20/12
to rubyonra...@googlegroups.com
Hi all
I'm using rails 3.2.1 + devise 2.0.4
My problem is that in my website only : Admin will create new users no
direct registration for users. Now when Admin create new_user
confirmation mail will be send to the user email id. The content of the
mail is
user_name
user_password
But the password come in encrypted format.
How I'll get password in readable form.
--
Posted via http://www.ruby-forum.com/.
I'm using rails 3.2.1 + devise 2.0.4
My problem is that in my website only : Admin will create new users no
direct registration for users. Now when Admin create new_user
confirmation mail will be send to the user email id. The content of the
mail is
user_name
user_password
But the password come in encrypted format.
How I'll get password in readable form.
--
Posted via http://www.ruby-forum.com/.
Walter Lee Davis
Jun 20, 2012, 9:11:28 AM6/20/12
to rubyonra...@googlegroups.com
On Jun 20, 2012, at 9:04 AM, Manish Nautiyal wrote:
> Hi all
>
> I'm using rails 3.2.1 + devise 2.0.4
>
> My problem is that in my website only : Admin will create new users no
> direct registration for users.
Walter
> Now when Admin create new_user
> confirmation mail will be send to the user email id. The content of the
> mail is
>
> user_name
> user_password
>
> But the password come in encrypted format.
>
>
> How I'll get password in readable form.
>
> --
> Posted via http://www.ruby-forum.com/.
>
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-ta...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
>
Tyler
Jun 20, 2012, 11:15:02 AM6/20/12
to rubyonra...@googlegroups.com
Why do you want the password in "readable" form? That goes against the most basic point of even having a password...
Colin Law
Jun 20, 2012, 11:17:01 AM6/20/12
to rubyonra...@googlegroups.com
On 20 June 2012 14:04, Manish Nautiyal <li...@ruby-forum.com> wrote:
> Hi all
>
> I'm using rails 3.2.1 + devise 2.0.4
>
> My problem is that in my website only : Admin will create new users no
> direct registration for users. Now when Admin create new_user
> confirmation mail will be send to the user email id. The content of the
> mail is
>
> user_name
> user_password
>
> But the password come in encrypted format.
How is the initial pwd being setup? If the admin is providing a
> Hi all
>
> I'm using rails 3.2.1 + devise 2.0.4
>
> My problem is that in my website only : Admin will create new users no
> direct registration for users. Now when Admin create new_user
> confirmation mail will be send to the user email id. The content of the
> mail is
>
> user_name
> user_password
>
> But the password come in encrypted format.
password then put that in the email.
Colin
Aleksey V Zapparov
Jun 20, 2012, 11:20:13 AM6/20/12
to rubyonra...@googlegroups.com
On Wed, 20 Jun 2012 08:15:02 -0700 (PDT)
Tyler <tyler....@gmail.com> wrote:
> Why do you want the password in "readable" form? That goes against
> the most basic point of even having a password...
He disallows users to register. So only admin can create a user
Tyler <tyler....@gmail.com> wrote:
> Why do you want the password in "readable" form? That goes against
> the most basic point of even having a password...
account, so he wants the system to send a message to the user that his
account was created with such and such login and pass.
--
Sincerely yours,
Aleksey V. Zapparov A.K.A. ixti
FSF Member #7118
Mobile Phone: +34 677 990 688
Homepage: http://www.ixti.net
JID: zapp...@jabber.ru
*Origin: Happy Hacking!
Tyler
Jun 20, 2012, 10:03:08 PM6/20/12
to rubyonra...@googlegroups.com
On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote:
On Wed, 20 Jun 2012 08:15:02 -0700 (PDT)
Tyler wrote:
> Why do you want the password in "readable" form? That goes against
> the most basic point of even having a password...
He disallows users to register. So only admin can create a user
account, so he wants the system to send a message to the user that his
account was created with such and such login and pass.
I understand the use case, but still doesn't make sense to store the password in plain text in the database. It's actually even more pointless if all the users are admins... then they call all just see each others' passwords. And it gives the illusion of security, when in actuality it's one params vulnerability away from giving all-encompassing access to any hacker that wants it
Manish Nautiyal
Jun 21, 2012, 12:23:07 AM6/21/12
to rubyonra...@googlegroups.com
Tyler wrote in post #1065431:
I don't want to store password in plain text in database. I just want to
send an email to user that your login & password is this. Devise will
store password in encrypt form in database.
> On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote:
>>
>>
> I understand the use case, but still doesn't make sense to store the
> password in plain text in the database. It's actually even more
> pointless
> if all the users are admins... then they call all just see each others'
> passwords. And it gives the illusion of security, when in actuality
> it's
> one params vulnerability away from giving all-encompassing access to any
> hacker that wants it
Dear Tyler
>>
>>
> I understand the use case, but still doesn't make sense to store the
> password in plain text in the database. It's actually even more
> pointless
> if all the users are admins... then they call all just see each others'
> passwords. And it gives the illusion of security, when in actuality
> it's
> one params vulnerability away from giving all-encompassing access to any
> hacker that wants it
I don't want to store password in plain text in database. I just want to
send an email to user that your login & password is this. Devise will
store password in encrypt form in database.
Reply all
Reply to author
Forward
0 new messages