Encryption and decryption


Two-way encryption:

#http://crypt.rubyforge.org/blowfish.html
#gem install crypt
require 'crypt/blowfish' 
blowfish = Crypt::Blowfish.new("A key up to 56 bytes long")
plainBlock = "ABCD1234"
p plainBlock
encryptedBlock = blowfish.encrypt_block(plainBlock)
p encryptedBlock
decryptedBlock = blowfish.decrypt_block(encryptedBlock)
p decryptedBlock
bcrypt-ruby
An easy way to keep your users' passwords secure.
    * bcrypt-ruby.rubyforge.org/
    * github.com/codahale/bcrypt-ruby/tree/master
Why you should use bcrypt
If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails and passwords. Some of your users will only have password for their […]
It's your responsibility as a web developer to make your web application secure; blaming your users for not being security experts is not a professional response to risk.
bcrypt allows you to easily harden your application against these kinds of attacks.
How to install bcrypt

sudo gem install bcrypt-ruby
You'll need a working compiler. (Win32 folks should use Cygwin or um, something else.)
How to use bcrypt in your Rails app
The User model

require 'bcrypt'

  class User < ActiveRecord::Base
    # users.password_hash in the database is a :string
    include BCrypt

    def password
      @password ||= Password.new(password_hash)
    end

    def password=(new_password)
      @password = Password.create(new_password)
      self.password_hash = @password
    end

  end
Creating an account

def create
    @user = User.new(params[:user])
    @user.password = params[:password]
    @user.save!
  end
Authenticating a user

def login
    @user = User.find_by_email(params[:email])
    # find_by_email returns nil for an unknown address, so guard before comparing
    if @user && @user.password == params[:password]
      give_token
    else
      redirect_to home_url
    end
  end
If a user forgets their password?
Assign them a random one and mail it to them, asking them to change it.

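  require 'securerandom'

  def forgot_password
    @user = User.find_by_email(params[:email])
    return redirect_to(home_url) if @user.nil? # unknown address: nothing to reset
    # Kernel#rand is not a CSPRNG, so draw the temporary password from SecureRandom
    random_password = SecureRandom.alphanumeric(10)
    @user.password = random_password
    @user.save!
    Mailer.create_and_deliver_password_change(@user, random_password)
  end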
How to use bcrypt-ruby in general

require 'bcrypt'

  my_password = BCrypt::Password.create("my password") #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"

  my_password.version              #=> "2a"
  my_password.cost                 #=> 10
  my_password == "my password"     #=> true
  my_password == "not my password" #=> false

  my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
  my_password == "my password"     #=> true
  my_password == "not my password" #=> false
Check the rdocs for more details: BCrypt (http://bcrypt-ruby.rubyforge.org/classes/BCrypt.html) and BCrypt::Password (http://bcrypt-ruby.rubyforge.org/classes/BCrypt/Password.html).
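
The hash string shown above carries its own version, cost and salt, which is what my_password.version and my_password.cost read back. The following is an added example, not code from bcrypt-ruby or from the original page: a standard-library-only Ruby script that parses that layout and audits stored password_hash values. MIN_COST, the function names and the sample rows are assumptions constructed for illustration.

```ruby
# Assumed layout: $<version>$<2-digit cost>$<22-char salt><31-char checksum>
BCRYPT_RE = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

MIN_COST = 12 # hypothetical policy threshold, not a value from the page

# Returns the parsed fields, or nil when the value is not a bcrypt hash.
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt's valid cost range
  # Each +1 in cost doubles the key-setup iterations (2**cost).
  { version: m[1], cost: cost, iterations: 1 << cost,
    salt: m[3], checksum: m[4] }
end

# Classifies one stored value as :ok, :rehash (cost below policy) or
# :not_bcrypt (plaintext, truncated or some other scheme).
def audit_hash(stored, min_cost = MIN_COST)
  fields = parse_bcrypt(stored)
  return :not_bcrypt unless fields
  fields[:cost] < min_cost ? :rehash : :ok
end

# Takes { email => stored password_hash } and returns { status => [emails] }.
def audit_column(rows, min_cost = MIN_COST)
  rows.group_by { |_email, stored| audit_hash(stored, min_cost) }
      .transform_values { |pairs| pairs.map(&:first) }
end

PAGE_HASH = '$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa'

# Constructed sample rows. The cost-12 value is the page's hash with the cost
# field edited, so it is well-formed but not a real hash of any password.
SAMPLE_ROWS = {
  'alice@example.test' => PAGE_HASH,
  'bob@example.test'   => PAGE_HASH.sub('$10$', '$12$'),
  'carol@example.test' => 'my password',    # stored in the clear
  'dave@example.test'  => '$2a$10$tooshort' # truncated column value
}.freeze

if __FILE__ == $PROGRAM_NAME
  p parse_bcrypt(PAGE_HASH)
  audit_column(SAMPLE_ROWS).each { |status, emails| puts "#{status}: #{emails.join(', ')}" }
end
```

Accounts reported as rehash can be upgraded at their next successful login, when the plaintext is available to pass to Password.create again.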