Hey Again,
So I'm still working through AWDwR and I've just completed the authentication section for users. I understand the idea behind salts and general authentication. The part I feel I'm missing is when the first salt is created and stored to the db. (I can post the code, but I assume anyone who's read the book knows what I'm referring to.)
In the users_controller I see the new user model being created, passed the parameters from the form and then saved. But none of the parameters are the salt. Nor did this function call the salt creation method in the user model. So I just don't get when the salt is actually generated to be saved to the database.
Then, to my understanding, when the user logs in, the salt is pulled from the db, concatenated onto the plain text password submitted by the form, SHA1 digested and compared to the hashed_password field in the db. Which makes sense.
Thanks, -bp
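
An added example, not part of the original post and not the book's code: a plain-Ruby model showing one common way a salt gets created without the controller ever calling the salt method, assuming the model defines a `password=` writer that runs when the form parameters are assigned. The `User` class here stands in for an ActiveRecord model, and `encrypted_password` and `secure_compare` are hypothetical helper names.

```ruby
require 'digest/sha1'
require 'securerandom'

# Plain-Ruby stand-in for a database-backed model (assumption: no Rails here).
class User
  attr_accessor :name, :salt, :hashed_password
  attr_reader :password

  # Mimics mass assignment: every key in the form params is sent to the
  # matching "key=" writer, so "password" => "..." calls password= below.
  def initialize(params = {})
    params.each { |key, value| public_send("#{key}=", value) }
  end

  # Virtual attribute: "password" is not a stored column. Assigning it is
  # the moment the salt is generated and the salted hash is computed, so
  # both are already set on the object by the time it is saved.
  def password=(plain)
    @password = plain
    return if plain.nil? || plain.empty?
    self.salt = SecureRandom.hex(16) # fresh random salt per assignment
    self.hashed_password = User.encrypted_password(plain, salt)
  end

  # Login check as described in the post: stored salt concatenated onto
  # the submitted password, SHA1 digested, compared to hashed_password.
  def authenticate(plain)
    return false if salt.nil? || hashed_password.nil?
    User.secure_compare(hashed_password, User.encrypted_password(plain, salt))
  end

  # SHA1 is kept to match the post. It is a fast hash, so a deliberately
  # slow password hash such as bcrypt is the usual choice today.
  def self.encrypted_password(plain, salt)
    Digest::SHA1.hexdigest(plain + salt)
  end

  # Compares two hex digests without stopping at the first differing byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```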