In an application we wrote back in 2004 I found MD5 hashed passwords. We decided this was too weak for modern standards so we wanted to switch to bcrypt . During the move we wanted the user to be affected as little as possible. In order to compute the crypted password we need the cleartext version. We only have a hashed version so the user has to type her password. Luckily they do this every time they authenticate, so that is a nice opportunity to upgrade their password. First I added a crypted_password column to the accounts table. We now have two columns for storing the password: the old hashed_password and the new crypted_password . add_column :accounts, :crypted_password, :string After that we updated the password accessor methods; assignment and verification. class Account def password=(password) if new_record? or !password.blank? self.crypted_password = BCrypt::Passw...
Full article: http://www.fngtps.com/2010/moving-to-a-safer-password-sol...
Artistic Director of The Instant Cafe Theatre Company and of CHAI, Jo Kukathas is an award winning actor, writer anddirect...
Burger fans take note! After a short break and relocation from their previous digs in Ghim Moh, De Burg is now back in biz...
