has_secure_password

[Robert Evans]

Hi all,

I would like to get feedback on a proposal for ActiveModel::SecurePassword before I send a PR:

Currently, ActiveModel::SecurePassword has a class method #min_cost which can be set to true/false - false by default. When true, cost is set to MIN_COST of 4 and false it is set to DEFAULT_COST of 10.

BCrypt's cost factor can be set from 1 to 31.

I'd like to propose deprecating #min_cost in favor of just #cost. The cost class method would have a default value of 10, keeping consistency. This would then allow developers to have more control on setting the cost, depending on the application in which they're building. 

An example would be setting the cost to 1 for tests (as devise does) or to something higher than 10 for an application that requires it. 

Thoughts or concerns? 

Thanks!

Robert

[Carlos Antonio da Silva]

min_cost doesn't need to be deprecated, since it was just added to master. I think it's fine for it to be a cost number, similar to devise, though, but others might have different opinions on that.

On Wed, Nov 28, 2012 at 8:29 PM, Robert Evans <rob...@codewranglers.org> wrote:

devise

--
At.
Carlos Antonio

[Rafael Mendonça França]

I think it is fine too

Rafael Mendonça França
http://twitter.com/rafaelfranca
https://github.com/rafaelfranca

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.

To post to this group, send email to rubyonra...@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-co...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.

[Robert Evans]

I opened a PR of the implementation and some dialog on what I think would be even better: https://github.com/rails/rails/pull/8408