
where to store password besides database

I'm trying to build a super simple authentication. I'm not sure where to store the admin password. Where should I put the password? Model, environment or somewhere else? And how can I access the environment variable if I store it in the environment? THANKS!

UPDATE:

I put something in environment.rb

ADMIN_PASSWORD = "blablabla"

and trying to authenticate

def authenticate(username, password)
  password = Digest::MD5.hexdigest(password).to_s
  if username == "admin" && password == ENV["ADMIN_PASSWORD"]
    session[:login] = true
  end
end

not working...

I think there's no need for to_s. Thanks all.


You can use an environmental variable, but you should use hashing to only set it encrypted. Try:

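require 'bcrypt'

# One-time setup: generate a salt and keep only the salted hash in the environment.
password = "abdefghij"
ENV['PASSWORD_SALT'] = BCrypt::Engine.generate_salt
ENV['PASSWORD_HASH'] = BCrypt::Engine.hash_secret(password, ENV['PASSWORD_SALT'])


# Hash the submitted password with the stored salt and compare it to the stored hash.
def authenticate?(password)
  ENV['PASSWORD_HASH'] == BCrypt::Engine.hash_secret(password, ENV['PASSWORD_SALT'])
end

authenticate?("123456789") # false
authenticate?("abdefghij") # true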
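
A gem-free variant of the hash-in-environment approach above, added here as an example and not code from any of the posters: it swaps bcrypt for PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL, keeps the salt inside the stored record, compares in constant time and fails closed when the variable is missing or malformed. The variable name ADMIN_PASSWORD_HASH, the record format and the iteration count are assumptions.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 210_000 # assumed work factor; tune it for your hardware

# Build the value to export as ADMIN_PASSWORD_HASH (hypothetical name):
# "iterations$salt_hex$hash_hex". Run once, offline, never at request time.
def make_record(password, iterations = ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  hash = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                  length: 32, hash: 'sha256')
  [iterations, salt.unpack1('H*'), hash.unpack1('H*')].join('$')
end

# Compare two strings without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a login attempt against the record in env (ENV, or a Hash in tests).
# ENV only holds process environment strings, so a Ruby constant set in
# environment.rb is not visible here; an unset variable yields false.
def authenticate?(username, password, env = ENV)
  iterations, salt_hex, hash_hex = env['ADMIN_PASSWORD_HASH'].to_s.split('$')
  return false unless username == 'admin'
  return false unless iterations.to_s.match?(/\A[1-9]\d*\z/)
  return false unless salt_hex.to_s.match?(/\A\h{32}\z/)
  return false unless hash_hex.to_s.match?(/\A\h{64}\z/)

  candidate = OpenSSL::KDF.pbkdf2_hmac(password.to_s,
                                       salt: [salt_hex].pack('H*'),
                                       iterations: iterations.to_i,
                                       length: 32, hash: 'sha256')
  secure_compare(candidate.unpack1('H*'), hash_hex.downcase)
end
```
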


I'd prefer storing in Environment variables if database is not an option.

You can access them like

ENV["DB_PASSWORD"] # => "something_random"


Really simple would be to put it in a file, but don't forget to encrypt it.


Have you looked into HTTP Authentication? http://guides.rubyonrails.org/action_controller_overview.html#http-authentications
