On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote: > > On Wed, 20 Jun 2012 08:15:02 -0700 (PDT) > Tyler wrote: > > > Why do you want the password in "readable" form? That goes against > > the most basic point of even having a password... > > He disallows users to register. So only admin can create a user > account, so he wants the system to send a message to the user that his > account was created with such and such login and pass. > > I understand the use case, but still doesn't make sense to store the password in plain text in the database. It's actually even more pointless if all the users are admins... then they call all just see each others' passwords. And it gives the illusion of security, when in actuality it's one params vulnerability away from giving all-encompassing access to any hacker that wants it
> > -- > Sincerely yours, > Aleksey V. Zapparov A.K.A. ixti > FSF Member #7118 > Mobile Phone: +34 677 990 688 > Homepage: http://www.ixti.net > JID: [email protected] > > *Origin: Happy Hacking! > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/OT5gKXacVsMJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
