Gavin Morrice wrote:
> Hey all - just wanted to check if I'm going about this in the right
> way...
> 
> I have class User, user has a password
> 
> Password should only be valid if it's between 6 and 16 chars in
> length.

First of all, don't limit the length of a user's password. At least not 
down to 16 chars. All you're doing is limiting the level of security the 
user can have. If they want 20 or even 30 or 40 character passwords, so 
what. I use long random passwords all the time in combination with a 
password manager.

> New user is created if everything is valid and it's stored to the db.
> 
> After saving to the database, the password is then hashed making it
> over 16 chars in length.

The output of SHA1, or whatever message digest (hash) algorithm, is always 
going to be the same length no matter how long, or short, the cleartext 
password is, so there's no reason to put any limitations on the cleartext 
password.

> 
> The User record no longer passes validation.
> 

Don't hack off the end of your message digest and this won't happen.

> In the past I've just figured this wasn't an issue; just make sure the
> object is valid before saving it to the db.

You figured wrong. :)

> 
> However, if using validates_associated on any of a User's children, the
> child object becomes invalid because the user is no longer passing
> validation
> 
> In the past I've just dropped the validates_associated as it wasn't
> strictly necessary. - I'd just make sure I always called
> User.children.create
> 
> Is there a better way to handle this?

In a word, yes. See above.
-- 
Posted via http://www.ruby-forum.com/.
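
The separation the reply argues for, as an added example that is not code from the thread: length rules apply only to the cleartext held in a virtual attribute, while the fixed-length digest is stored in its own field and never validated against them. The plain-Ruby `User` stand-in, the field names, and the use of salted PBKDF2-HMAC-SHA256 (in place of the bare SHA1 mentioned above) with this iteration count are assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'

# Plain-Ruby stand-in for the thread's User model (hypothetical; no Rails needed).
class User
  MIN_LENGTH = 6        # lower bound from the question; deliberately no upper bound
  ITERATIONS = 100_000  # work factor assumed for this example
  attr_reader :salt, :password_digest, :errors

  # Virtual attribute: the cleartext lives in memory only and is never stored.
  def password=(cleartext)
    @password = cleartext
  end

  # Validate the cleartext only when one is assigned; the digest is never length-checked.
  def valid?
    @errors = []
    @errors << 'password is missing' if @password.nil? && @password_digest.nil?
    @errors << 'password is too short' if @password && @password.length < MIN_LENGTH
    @errors.empty?
  end

  # Stand-in for a before_save hook: derive the digest, then drop the cleartext.
  def save
    return false unless valid?
    if @password
      @salt = SecureRandom.hex(16)
      @password_digest = derive(@password)
      @password = nil
    end
    true
  end

  def authenticate(candidate)
    return false unless @password_digest
    a, b = derive(candidate).bytes, @password_digest.bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero? # compare without early exit
  end

  private

  # Always returns 64 hex characters, whatever the cleartext length.
  def derive(cleartext)
    OpenSSL::PKCS5.pbkdf2_hmac(cleartext, @salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end
end
```

Because the record stays valid after the digest is written, an association check on a saved user's children no longer fails on the password rule.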
