I want to send a field that I added to a form used to create a user with the devise gem. This field is the password to access SVN, so I don't want to store it in plain text and, obviously, I cannot encode it with a one-way algorithm. I thought about encoding it in Base64, but I don't know how I can do it in the form field or in the devise gem. This is my form field:

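 <%# password_field_tag(name, value, options): pass nil as the value so the options hash is not rendered as the field's value %>
 <%= password_field_tag "user[XXXX_password]", nil, id: "XXXX_password" %>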

Can I send the field encoded with Base64.encode() or similar?

Any suggestion?

Thanks

EDIT:

I will try to explain it better:

I store the user's data (mail, pass ...) but, additionally, I have added two fields: the Subversion user and password.

Obviously, the devise password is encrypted, but the Subversion password field cannot be encrypted one-way because, when passed to Subversion, it would not be recognized.

  • What's the point of base64 here? Anyone can decode it back. – Roman Kiselenko Jul 04 '18 at 11:34
  • I know, but it is not a problem in this case. I only want the pass not to be stored in plain text. But if you can tell me a better way, I will be happy to learn. – Jose Sierra Jul 04 '18 at 11:40
  • What do you mean by "I don't want store it in a plain text"? You don't store it; the user just inputs it in the form. – Pavel Mikhailyuk Jul 04 '18 at 11:49
  • @Pavel Mikhailyuk No. The user must put his pass in the field and I store it in a database. Afterwards, he will use my tool to do tags in SVN, and the tool needs his pass in order to do it, so I need to store it. – Jose Sierra Jul 04 '18 at 11:54
  • So, why did you provide your form code when you want to encrypt data in the DB? https://stackoverflow.com/questions/4128939/simple-encryption-in-ruby-without-external-gems – Pavel Mikhailyuk Jul 04 '18 at 12:31
  • Because I understand that it would be more correct to send the parameter already encrypted from the form. – Jose Sierra Jul 05 '18 at 06:29

1 Answer

From reading the comments, your issue is how to store the password. A general rule of thumb is to indeed encrypt it and apply the same function when the user logs in, comparing the value the user sends with the value you have in your database.

Passwords should NEVER be stored in plain text in the database, instead, store a hash of the original information.

You could use PBKDF2 (Ruby gem), or base64.

If you're using devise, the gem should take care of storing the secret for you if you set your user model correctly. Have a look at this

I don't know how this answers your question as it touches lots of core concepts, but if you could be more specific I'd be glad to expand it.

Alex.U
  • I will try to explain it better: I store the user's data (mail, pass ...) but, additionally, I have added two fields: the Subversion user and password. Obviously, the devise password is encrypted, but the Subversion password field cannot be encrypted one-way because, when passed to Subversion, it would not be recognized. Excuse my English, it's not very good – Jose Sierra Jul 05 '18 at 06:25
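
The requirement discussed in this thread is a stored SVN password that must be recoverable, which rules out a one-way hash, and which Base64 does not protect, as the first comment notes; that calls for reversible encryption with a key kept outside the database. The following is an added example, not code from any poster: the `SvnSecret` module, the key handling and the sample values are assumptions, and it uses only Ruby's standard `openssl` library.

```ruby
require "openssl"

# Added example: reversible, authenticated encryption (AES-256-GCM) for a
# stored third-party credential such as the SVN password.
module SvnSecret
  CIPHER  = "aes-256-gcm"
  IV_LEN  = 12  # GCM nonce length in bytes
  TAG_LEN = 16  # GCM authentication tag length in bytes

  # key: 32 random bytes kept outside the database (assumption: supplied by
  # the application's secret store or an environment variable).
  def self.encrypt(plaintext, key)
    raise ArgumentError, "empty secret" if plaintext.empty?
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv                   # fresh nonce for every stored value
    cipher.auth_data = ""
    ct = cipher.update(plaintext) + cipher.final
    [iv + cipher.auth_tag + ct].pack("m0")  # Base64 only so it fits a text column
  end

  # Returns the original password, or raises OpenSSL::Cipher::CipherError if
  # the key is wrong or the stored value was modified.
  def self.decrypt(token, key)
    raw = token.unpack1("m0")
    raise ArgumentError, "token too short" if raw.bytesize <= IV_LEN + TAG_LEN
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = ""
    ct = raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)
    (cipher.update(ct) + cipher.final).force_encoding(Encoding::UTF_8)
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32)  # constructed demo key
  svn_pass = "s3cret-svn-pass"            # constructed sample value
  stored = SvnSecret.encrypt(svn_pass, key)
  puts "stored in DB:      #{stored}"
  puts "decrypted:         #{SvnSecret.decrypt(stored, key)}"
  # Base64 by itself is reversible by anyone who can read the column:
  puts "base64 round trip: #{[svn_pass].pack('m0').unpack1('m0')}"
end
```

In a Rails application, `ActiveSupport::MessageEncryptor` offers the same encrypt-and-authenticate construction, and the encryption belongs on the server before the database write rather than in the form field.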