RDoc Documentation

File: README.rdoc

Path: README.rdoc
Modified: Thu Aug 05 03:08:50 -0400 2010

auto_hash

A Ruby on Rails plugin that automates hashing an ActiveRecord field and saves the salt and digest together in a single field.

Works with both Rails 2.x and 3.x.

Synopsis


   # In Model
   class User < ActiveRecord::Base
     auto_hash :password
   end

   # Elsewhere
   user = User.new(:username => "kevin", :password => "asdf")
   user.password #=> "6cc4ce889e770343f4b0d3708851f6624b5c1dda4bc4b6dd23ace50328fcd3e0-b99d218de031fad5df71"
   user.password_hash_match?("asdf") # => true

   # works with updating fields also
   user = User.find_by_username("kevin")
   user.password = "better_password"
   user.password_hash_match?("better_password") # => true

Installing


   sudo gem install auto_hash

For Rails 2.x, in environment.rb:


    Rails::Initializer.run do |config|
      config.gem "auto_hash"
    end

For Rails 3.x, in Gemfile:


   gem "auto_hash"

Details

The hashing is pretty simple; you'll find something like this in the source:


    salt = ActiveSupport::SecureRandom.hex(10)
    hash = Digest::SHA2.new.update(value + salt).to_s

The value stored in the database field is the hash with its salt appended, as "hash-salt".

In case you weren't sure, a salt is not necessarily a secret; it's simply a way to defeat dictionary attacks by adding huge variety to the hashed value.
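The "hash-salt" field described above, built and verified in plain Ruby. This is an added example, not the plugin's source: the names `FIELD_RE`, `digest_for`, `make_field`, `secure_compare` and `field_match?` are hypothetical, the standard library's `SecureRandom` stands in for `ActiveSupport::SecureRandom`, and the comparison is written to avoid returning at the first differing byte.

```ruby
require "digest/sha2"
require "securerandom"

# Format on the page: SHA-2 hex digest, "-", salt hex ("hash-salt").
FIELD_RE = /\A([0-9a-f]{64})-([0-9a-f]+)\z/

# Digest of value + salt, as in the Details snippet.
def digest_for(value, salt)
  Digest::SHA2.new.update(value + salt).to_s
end

# Build the stored field; a fresh salt is drawn on every call.
def make_field(value, salt = SecureRandom.hex(10))
  "#{digest_for(value, salt)}-#{salt}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Split a stored field and re-hash the candidate with the stored salt.
# Malformed fields (nil, empty, plaintext left in the column) never match.
def field_match?(stored, candidate)
  m = FIELD_RE.match(stored.to_s)
  return false unless m
  secure_compare(m[1], digest_for(candidate, m[2]))
end

if __FILE__ == $PROGRAM_NAME
  a = make_field("asdf") # constructed sample input
  b = make_field("asdf")
  puts a
  puts "same password, different fields: #{a != b}"
  puts "match asdf: #{field_match?(a, 'asdf')}"
  puts "match wrong guess: #{field_match?(a, 'asdf2')}"
  puts "plaintext column value: #{field_match?('asdf', 'asdf')}"
end
```

The per-record salt makes every stored value unique, which defeats precomputed dictionaries. A single SHA-2 pass is still fast to compute for each guess, which is why password storage today generally uses a deliberately slow function such as bcrypt.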

Copyright

Copyright (c) 2010 Kevin Swope. See LICENSE for details.
