On 10/10/06, Patrick Crowley <[EMAIL PROTECTED]> wrote:
1. User registers
2. Rails adds a SHA-1 validation key to the user account
3. Rails sends user an email with a link that contains the SHA-1 key
4. User gets email and clicks link
5. If SHA-1 is valid, user account is activated (by setting validation key to '')
6. User can now login

I haven't done account validation yet, so I'm curious. Rather than try to answer I'm going to ask a question of my own. Hopefully I don't derail the thread too badly :)

What does your step 2 entail and how does it guarantee validity? I'm assuming the SHA-1 is of some string that is not easily guessable. Is it a SHA-1 of the email or other user data plus some salt? Or some random string? Does it really matter?

--
Nick Zadrozny
_______________________________________________
Sdruby mailing list
[email protected]
http://lists.sdruby.com/mailman/listinfo/sdruby
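
Added example, not part of either poster's message and not Rails code: steps 2 and 5 of the flow above in plain Ruby, with a key derived from the email shown beside a random one. The User struct, the method names and the 24-hour lifetime are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for the users table (assumption, not a Rails model).
User = Struct.new(:email, :validation_digest, :validation_sent_at, :active)
TOKEN_TTL = 24 * 60 * 60 # seconds; assumed lifetime of an emailed link

# Weak form: a key computed only from the email is the same every time,
# so anyone who knows the address can recompute it.
def derived_key(email)
  Digest::SHA1.hexdigest(email)
end

# Step 2: the key is random output from the CSPRNG. Only its digest is
# stored; the raw token exists only in the emailed link.
def issue_validation_token(user, now: Time.now)
  token = SecureRandom.urlsafe_base64(32)
  user.validation_digest = Digest::SHA256.hexdigest(token)
  user.validation_sent_at = now
  user.active = false
  token
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Step 5: activate only on a fresh, matching, non-empty key. The empty check
# matters because the flow clears the key on activation, and an empty
# submitted key must never match a cleared field.
def activate(user, presented, now: Time.now)
  presented = presented.to_s
  return false if presented.empty? || user.validation_digest.nil?
  return false if now - user.validation_sent_at > TOKEN_TTL
  expected = Digest::SHA256.hexdigest(presented)
  return false unless secure_equal?(user.validation_digest, expected)
  user.validation_digest = nil # single use
  user.active = true
  true
end
```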
