
I have read many references to the Charles Miller best practices for tokens, referenced here: definitive-guide-to-form-based-website-authentication. But I have not seen any real examples.

My question is what should be used for the user name field? I am thinking this should not be a real name, nor an email. I was thinking of using the gravatar_id, or the user id number (1 .. n). The gravatar_id seems like overkill, and the id number seems weak. What are some better choices?

Edit: I guess I am under the assumption that the token should look something like this:

"#{user.name}:#{SecureRandom.urlsafe_base64}"  -> "user12:0a5be29627332034d4dd8a"

but having that user12 in plain text seems wrong. So I think I am missing something basic with the concept.

  • Just to clarify, are you asking for a recommendation on what the column name should be for the "remember me" functionality of a user login system? – franksort Mar 28 '14 at 21:04
  • No, not the column name, but rather what should be used for the "name" part in a two-part remember-me token. The referenced guide says to use as a token the username, a separator character, and a random number – nPn Mar 28 '14 at 21:10
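
The two-part token discussed in the question, as an added example that is not part of the original post or the referenced guide. It assumes a random selector stands in for the name part; `RememberTokenStore`, its in-memory hash and the 30-day lifetime are hypothetical, and `user12` is a constructed id.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# Added example: in-memory stand-in for a remember_tokens table (hypothetical).
# Row layout: selector => { user_id:, validator_digest:, expires_at: }
class RememberTokenStore
  SEPARATOR = ':'            # not in the urlsafe_base64 alphabet, so split is unambiguous
  LIFETIME  = 30 * 24 * 3600 # seconds; constructed value

  def initialize
    @rows = {}
  end

  # Returns the cookie value "selector:validator". The selector is a random
  # lookup key that replaces the user name; only a SHA-256 digest of the
  # validator is kept server-side, so a leaked table cannot be replayed.
  def issue(user_id, now: Time.now)
    selector  = SecureRandom.urlsafe_base64(12)
    validator = SecureRandom.urlsafe_base64(32)
    @rows[selector] = {
      user_id: user_id,
      validator_digest: Digest::SHA256.hexdigest(validator),
      expires_at: now + LIFETIME
    }
    "#{selector}#{SEPARATOR}#{validator}"
  end

  # Returns [user_id, fresh_cookie] on success, nil otherwise.
  # Tokens are single-use: the row is deleted on any selector hit, including
  # a validator mismatch, which may indicate guessing or a stolen selector.
  def redeem(cookie, now: Time.now)
    selector, validator = cookie.to_s.split(SEPARATOR, 2)
    return nil if selector.nil? || validator.nil?
    row = @rows.delete(selector)
    return nil if row.nil? || now > row[:expires_at]
    presented = Digest::SHA256.hexdigest(validator)
    # Constant-time comparison of the two digests
    return nil unless OpenSSL.secure_compare(presented, row[:validator_digest])
    [row[:user_id], issue(row[:user_id], now: now)]
  end
end
```
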

0 Answers