On Wed, Feb 11, 2009 at 11:35 PM, Shockmeister <[email protected]>wrote:
> > I have used a sha256 hashing algorithm in order to provide some > security to my login facility. I now want to create a facility > whereby, if the user forgets their password, they are emailed a > temporary password so that they can login. Has anyone had any > experience implementing this? > > > Generally if you're using a hash to store the password, then you will need to send users to a page where they can enter a new password. You can do this by generating a temporary token (random value) that you include in a url you mail to the user and set it to expire within a few minutes of being generated. Make sure it's enough time for the password to be reset. Andrew Timberlake http://ramblingsonrails.com http://www.linkedin.com/in/andrewtimberlake "I have never let my schooling interfere with my education" - Mark Twain --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
