deis_password too dangerous

Issue #3 resolved
LiAh Sheep created an issue

When I run:

User.all.each { |user| puts user.deis_password };0

It shows:

$2a$10$/
$2a$10$v
$2a$10$f
$2a$10$t
$2a$10$Q
$2a$10$Y
$2a$10$m
$2a$10$f
...

They all differ by only 1 character. Very dangerous. I suggest using the last 8 chars instead.

For example:

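def deis_password
  # Last 8 chars; falls back to the whole string in case it is shorter than 8 chars (very unlikely).
  # String#slice(-8, -1) always returns nil because a negative length is invalid, so use a range.
  encrypted_password[-8..-1] || encrypted_password
end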
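
Why the values listed in the report differ in only one character, as an added example that is not part of the original issue or the project's code: a bcrypt string opens with a fixed version-and-cost header (`$2a$10$` here), so an 8-character prefix contains a single salt character. The helper names and the seeded sample hashes are constructed for illustration.

```ruby
# Added example (not the project's code). The hashes are constructed from
# seeded random characters in bcrypt's alphabet; they are not real hashes.
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}
ALPHABET  = ['.', '/', *('A'..'Z'), *('a'..'z'), *('0'..'9')].freeze

# Split a bcrypt string into its fixed header, 22-char salt and 31-char digest.
def bcrypt_fields(hash)
  m = BCRYPT_RE.match(hash)
  raise ArgumentError, 'not a bcrypt hash' unless m
  { header: hash[0...m.begin(3)], salt: m[3], digest: m[4] }
end

# Upper bound on the entropy of hash[range]: header characters are identical
# for every user (0 bits); each salt/digest character carries at most 6 bits.
def max_entropy_bits(hash, range)
  header_len = bcrypt_fields(hash)[:header].length
  positions = (0...hash.length).to_a[range] || []
  positions.count { |i| i >= header_len } * 6
end

# Constructed sample: n strings shaped like "$2a$10$" + 53 random characters.
def sample_hashes(n, seed: 1)
  rng = Random.new(seed)
  Array.new(n) { '$2a$10$' + Array.new(53) { ALPHABET.sample(random: rng) }.join }
end

# Number of distinct derived passwords across a set of hashes.
def distinct_passwords(hashes, range)
  hashes.map { |h| h[range] || h }.uniq.size
end

if __FILE__ == $PROGRAM_NAME
  hashes = sample_hashes(200)
  { 'first 8' => 0...8, 'last 8' => -8..-1 }.each do |name, range|
    puts format('%-8s max %2d bits, %3d distinct values among %d users',
                name, max_entropy_bits(hashes.first, range),
                distinct_passwords(hashes, range), hashes.size)
  end
end
```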
