m80

Reputation: 79

Where to store password besides database

I'm trying to build a super simple authentication. I'm not sure where to store the admin password. Where should I put the password? Model, environment or somewhere else? And how can I access an environment variable if I store it in the environment? Thanks!

UPDATE:

I put something in environment.rb

ADMIN_PASSWORD = "blablabla"

and trying to authenticate

def authenticate(username, password)
  password = Digest::MD5.hexdigest(password).to_s
  if username == "admin" && password == ENV["ADMIN_PASSWORD"]
    session[:login] = true
  end
end

not working...

I think there's no need for to_s. Thanks all.

Upvotes: 0

Views: 489

Answers (4)

Kevin Sylvestre

Reputation: 38052

You can use an environmental variable, but you should use hashing to only set it encrypted. Try:

require 'bcrypt'

# Generate a salt and keep only the salted bcrypt hash of the password
password = "abdefghij"
ENV['PASSWORD_SALT'] = BCrypt::Engine.generate_salt
ENV['PASSWORD_HASH'] = BCrypt::Engine.hash_secret(password, ENV['PASSWORD_SALT'])

# Hash the candidate with the stored salt and compare against the stored hash
def authenticate?(password)
  ENV['PASSWORD_HASH'] == BCrypt::Engine.hash_secret(password, ENV['PASSWORD_SALT'])
end

authenticate?("123456789") # false
authenticate?("abdefghij") # true

Upvotes: 1
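
Added example, not part of any answer on this page: the environment-variable approach with a salted hash, a fail-closed check for a missing record, and a constant-time comparison. PBKDF2-HMAC-SHA256 from Ruby's standard library is swapped in for bcrypt so the block runs without gems; the variable name ADMIN_PASSWORD_RECORD, the record layout and the AdminAuth module are assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'

# Added example. ADMIN_PASSWORD_RECORD and its "iterations$salt$hash" layout
# are assumptions made for this sketch, not a Rails convention.
module AdminAuth
  ITERATIONS = 200_000
  KEY_LEN = 32 # bytes, i.e. 64 hex characters

  # Run once, outside the app; export the returned string in the environment.
  def self.make_record(password, iterations: ITERATIONS)
    salt = SecureRandom.random_bytes(16)
    hash = derive(password, salt, iterations)
    [iterations, salt.unpack1('H*'), hash.unpack1('H*')].join('$')
  end

  # True only for username "admin" with a matching password.
  # A missing or malformed record fails closed.
  def self.authenticate?(username, password, env = ENV)
    record = env['ADMIN_PASSWORD_RECORD'].to_s
    return false unless record.match?(/\A[1-9]\d*\$\h+\$\h{64}\z/)

    iterations, salt_hex, hash_hex = record.split('$')
    expected = [hash_hex].pack('H*')
    actual = derive(password.to_s, [salt_hex].pack('H*'), iterations.to_i)
    # Always run the hash comparison, then check the username.
    ok = secure_equal?(expected, actual)
    ok && username == 'admin'
  end

  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time byte comparison: no early exit on the first mismatch.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Generate the record once with AdminAuth.make_record and export it in the shell or deployment configuration that starts the app; a Ruby constant assigned in environment.rb is not visible through ENV.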

Ben

Reputation: 6965

Have you looked into HTTP Authentication? http://guides.rubyonrails.org/action_controller_overview.html#http-authentications

Upvotes: 0

Dogbert

Reputation: 222288

I'd prefer storing in Environment variables if database is not an option.

You can access them like

ENV["DB_PASSWORD"] # => "something_random"

Upvotes: 0

Andy

Reputation: 2507

Really simple would be to put it in a file, but don't forget to encrypt it.

Upvotes: 0
