password + salt

Hey Again,

So I'm still working through AWDwR and I've just completed the
authentication section for users. I understand the idea behind salts
and general authentication. The part I feel I'm missing is when the
first salt is created and stored to the db.
(I can post the code but I assume anyone whos read the book knows what
I'm referring to)

In the users_controller I see the new user model being created, passed
the parameters from the form and then saved. But non of the parameters
are the salt. Nor did this function call the salt creation method in
the user model. So I just don't get when the salt is actually
generated to be saved to the database.

Then to my understanding when the user logs in. The salt is pulled
from the db concatenated onto the plain text password submitted by the
form, SHA1 digested and compared to the hashed_password field in the
db. Which makes sense.


Assuming your are talking about the 3rd ed. It's on pages 161-62

On p 162 is the method create_new_salt which computes the salt. That
method is called in the passwd= method on p162 which calls
create_new_salt and then computes the hashed password from the
password and the salt.


If it's not the 3rd edition, then I'm pretty sure it's there but just
on different page numbers.