File: README.rdoc
Path: README.rdoc
Modified: Thu Aug 05 03:08:50 -0400 2010
auto_hash
A Ruby on Rails plugin that automates hashing an ActiveRecord field and stores the salt and digest together in a single field.
Works with both Rails 2.x and 3.x.
Synopsis
  # In Model
  class User < ActiveRecord::Base
    auto_hash :password
  end

  # Elsewhere
  user = User.new(:username => "kevin", :password => "asdf")
  user.password #=> "6cc4ce889e770343f4b0d3708851f6624b5c1dda4bc4b6dd23ace50328fcd3e0-b99d218de031fad5df71"
  user.password_hash_match?("asdf") # => true

  # works with updating fields also
  user = User.find_by_username("kevin")
  user.password = "better_password"
  user.password_hash_match?("better_password") # => true
Installing
  sudo gem install auto_hash
For Rails 2.x, in environment.rb:
  Rails::Initializer.run do |config|
    config.gem "auto_hash"
  end
For Rails 3.x, in Gemfile:
  gem "auto_hash"
Details
The hashing is pretty simple; you'll find something like this in the source:
  salt = ActiveSupport::SecureRandom.hex(10)
  hash = Digest::SHA2.new.update(value + salt).to_s
The value stored in the database field is the hash followed by its salt, in the form "hash-salt".
In case you weren't sure, a salt is not necessarily a secret; it's simply a way to defeat dictionary attacks by adding huge variety to the hashed value.
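The "hash-salt" format described above, worked through in plain Ruby as an added example (not the plugin's own code). The helper names make_stored, parse_stored, secure_equal? and stored_match? are hypothetical, and SecureRandom from the standard library stands in for ActiveSupport::SecureRandom.

```ruby
require "digest/sha2"
require "securerandom"

# Hypothetical helpers (not auto_hash's API) modelling the "hash-salt" format.

# Build the stored value: SHA-256 hex digest of value + salt, "-", then the salt.
def make_stored(value, salt = SecureRandom.hex(10))
  digest = Digest::SHA2.new.update(value + salt).to_s
  "#{digest}-#{salt}"
end

# Split a stored value into [digest, salt]; nil if it does not have the
# expected shape (64 hex chars, "-", 20 hex chars).
def parse_stored(stored)
  m = /\A([0-9a-f]{64})-([0-9a-f]{20})\z/.match(stored.to_s)
  m && [m[1], m[2]]
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Re-hash the candidate with the stored salt and compare the digests.
def stored_match?(stored, candidate)
  digest, salt = parse_stored(stored)
  return false unless digest
  secure_equal?(digest, Digest::SHA2.new.update(candidate + salt).to_s)
end

if __FILE__ == $PROGRAM_NAME
  a = make_stored("asdf")
  b = make_stored("asdf")
  puts a
  puts a == b                               # same password, different salts
  puts stored_match?(a, "asdf")
  puts stored_match?(a, "asdF")
  puts stored_match?("not-a-hash", "asdf")  # malformed field is rejected
end
```

The salt stops one precomputed table from covering every user, but a single SHA-256 pass is cheap to compute, so a dedicated password-hashing function such as bcrypt slows guessing far more.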
Copyright
Copyright (c) 2010 Kevin Swope. See LICENSE for details.