two way crypt:
```ruby
# http://crypt.rubyforge.org/blowfish.html
# gem install crypt
require 'crypt/blowfish'

blowfish = Crypt::Blowfish.new("A key up to 56 bytes long")
plainBlock = "ABCD1234"
p plainBlock
encryptedBlock = blowfish.encrypt_block(plainBlock)
p encryptedBlock
decryptedBlock = blowfish.decrypt_block(encryptedBlock)
p decryptedBlock
```
bcrypt-ruby
An easy way to keep your users’ passwords secure.
* bcrypt-ruby.rubyforge.org/
* github.com/codahale/bcrypt-ruby/tree/master
Why you should use bcrypt
If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails and passwords. Some of your users will only have one password — for their email account, for their banking account, for your application. A simple hack could escalate into massive identity theft.
It’s your responsibility as a web developer to make your web application secure — blaming your users for not being security experts is not a professional response to risk.
bcrypt allows you to easily harden your application against these kinds of attacks.
How to install bcrypt
```sh
sudo gem install bcrypt-ruby
```
You’ll need a working compiler. (Win32 folks should use Cygwin or um, something else.)
How to use bcrypt in your Rails application
The User model
```ruby
require 'bcrypt'

class User < ActiveRecord::Base
  # users.password_hash in the database is a :string
  include BCrypt

  def password
    @password ||= Password.new(password_hash)
  end

  def password=(new_password)
    @password = Password.create(new_password)
    self.password_hash = @password
  end
end
```
Creating an account
```ruby
def create
  @user = User.new(params[:user])
  @user.password = params[:password]
  @user.save!
end
```
Authenticating a user
```ruby
def login
  @user = User.find_by_email(params[:email])
  # find_by_email returns nil for an unknown address, so check before comparing
  if @user && @user.password == params[:password]
    give_token
  else
    redirect_to home_url
  end
end
```
If a user forgets their password?
```ruby
require 'securerandom'

# assign them a random one and mail it to them, asking them to change it
def forgot_password
  @user = User.find_by_email(params[:email])
  # SecureRandom draws from the OS CSPRNG; Kernel#rand is not a cryptographic generator
  random_password = SecureRandom.alphanumeric(10)
  @user.password = random_password
  @user.save!
  Mailer.create_and_deliver_password_change(@user, random_password)
end
```
How to use bcrypt-ruby in general
```ruby
require 'bcrypt'

my_password = BCrypt::Password.create("my password")
  #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"

my_password.version              #=> "2a"
my_password.cost                 #=> 10
my_password == "my password"     #=> true
my_password == "not my password" #=> false

my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
my_password == "my password"     #=> true
my_password == "not my password" #=> false
```
Check the rdocs for more details — BCrypt (http://bcrypt-ruby.rubyforge.org/classes/BCrypt.html), BCrypt::Password (http://bcrypt-ruby.rubyforge.org/classes/BCrypt/Password.html).
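The `version` and `cost` readers shown above work because a bcrypt hash string carries its own parameters. As an added example (not part of bcrypt-ruby or the original page), this pure-Ruby audit parses stored `password_hash` values and flags ones that are not bcrypt or fall below an assumed minimum cost; `parse_bcrypt`, `audit_hash`, `audit_report`, `MIN_COST` and the sample rows are hypothetical names and constructed data.

```ruby
# Added example: audit stored bcrypt hashes without the bcrypt gem.
# Layout: "$" version "$" two-digit cost "$" 22-char salt + 31-char checksum,
# both in bcrypt's own base64 alphabet (./A-Za-z0-9), 60 characters in total.
BCRYPT_FORMAT = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

MIN_COST = 12 # assumed policy value, not taken from the page

# Returns the parsed fields, or nil when the string is not a bcrypt hash
# (for example a plaintext or MD5-shaped value left in password_hash).
def parse_bcrypt(stored)
  m = BCRYPT_FORMAT.match(stored.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # cost range bcrypt accepts
  { version: m[1], cost: cost, salt: m[3], checksum: m[4] }
end

# Classifies one stored value for an audit report.
def audit_hash(stored, min_cost = MIN_COST)
  fields = parse_bcrypt(stored)
  return :not_bcrypt unless fields
  fields[:cost] < min_cost ? :rehash_on_next_login : :ok
end

# Constructed sample rows (email => password_hash). The first hash is the one
# shown on this page; the others are made up for the example.
SAMPLE_ROWS = {
  "a@example.test" => "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa",
  "b@example.test" => "$2a$12$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa",
  "c@example.test" => "5f4dcc3b5aa765d61d8327deb882cf99", # 32 hex chars, MD5-shaped
  "d@example.test" => "hunter2"                           # plaintext
}

def audit_report(rows = SAMPLE_ROWS)
  rows.map { |email, stored| [email, audit_hash(stored)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  audit_report.each { |email, status| puts "#{email}: #{status}" }
end
```

A row flagged `:rehash_on_next_login` can only be upgraded when the user next supplies the plaintext, since the stored value cannot be reversed.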