On Aug 23, 2011, at 8:29 AM, billv wrote:

> If I can use the same salt for each of the
> username passwords, the hashes will match and then I can validate to
> be sure that they don't.

Well then, when you create a user, search for a pre-existing user and use its salt if there is one, otherwise let a new salt be generated. Of course you have to watch out for the race condition of two users trying to create the same username at the same time. Either that doesn't happen in your usage scenario (admin setting up all users perhaps), or you have to block it--a simple unique index on username + salt, with retry on constraint failure, would seem to do it.

I don't know where to hook into has_secure_password to do this, but it occurs to me that if you provide a salt yourself before calling it, that should work shouldn't it?

--
Scott Ribe
[email protected]
http://www.elevated-dev.com/
(303) 722-0567 voice
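
A sketch of the salt-reuse scheme suggested in the message above, added as an illustration and not code from the thread or from Rails. `UserStore` and its methods are hypothetical names; PBKDF2 from Ruby's standard library stands in for the bcrypt hashing behind `has_secure_password`, and a `Mutex` stands in for the database constraint and retry.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration; UserStore and its methods are hypothetical names.
# Assumption: several accounts may share a username, told apart by password.
class UserStore
  DuplicatePassword = Class.new(StandardError)
  ITERATIONS = 10_000 # constructed value, kept low so the example runs fast

  def initialize
    @rows = []        # each row: { username:, salt:, digest: }
    @lock = Mutex.new # serializes create, closing the concurrent-create race
  end

  def create(username, password)
    @lock.synchronize do
      peers = @rows.select { |r| r[:username] == username }
      # Reuse the salt of an existing same-name user, else generate one.
      salt = peers.empty? ? SecureRandom.random_bytes(16) : peers.first[:salt]
      digest = hash_password(password, salt)
      # With a shared salt, equal passwords produce equal digests.
      if peers.any? { |r| r[:digest] == digest }
        raise DuplicatePassword, "password already in use for #{username}"
      end
      row = { username: username, salt: salt, digest: digest }
      @rows << row
      row
    end
  end

  # Returns the matching row, or nil when no same-name account matches.
  def authenticate(username, password)
    @rows.find do |r|
      r[:username] == username &&
        r[:digest] == hash_password(password, r[:salt])
    end
  end

  private

  def hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256'))
  end
end
```

A shared salt lets one guess be tested against every same-name account at once. Because the plaintext candidate is in hand at creation time, the same uniqueness check also works by verifying it against each existing record under that record's own salt.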

