Updating a database field in Ruby on Rails
I'm updating a database hashing algorithm.
My current system runs on md5 and I want to change it into BCrypt + salt.
My problem is when an old user (users whose password is hashed in md5) logs in with his old password, I want to automatically change the password to BCrypt + salt in the database.
require 'bcrypt'
require 'digest'

if hash.start_with?('$2') # check if the password is stored in bcrypt (assumption: the original left this test as a comment; bcrypt hashes begin with "$2")
  salt = IDA::Config.get_configuration('salt')
  hash_password = BCrypt::Password.new(hash)
  # compare the stored bcrypt hash with the salted candidate (hashing the candidate afresh and comparing it to itself always returns true)
  return hash_password == (salt['salt_value'] + password)
else # for users whose password is encrypted in md5
  salt = IDA::Config.get_configuration('salt') # I'm getting a salt here
  BCrypt::Password.create(salt['salt_value'] + password) # I'm getting a salted bcrypted password; I tried to put this into the db manually and logging in works perfectly
  # I want to write this new salted password into db once the user is authenticated with his old password
  return Digest::MD5.hexdigest(password) == hash
end
I want to write this in the model. Any help will be greatly appreciated.
Thanks
Comments (1)
First off, BCrypt (both the library and the gem) handles salt so you can nix all of the salt business.
Second, what you really want is a way of re-hashing all of your records' sensitive data (passwords, I assume). So here's what you do:
See comments for details. The new field is_bcrypt is just so you can know which records have been hashed and which haven't. It only happens if they actually save too. When this is done, and you're sure all the code concerning passwords is refactored, you can take out that field.
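The rehash-on-login flow discussed in the question and answer above, as an added Ruby example that is not code from either poster. The `User` struct (a constructed stand-in for the model row), `authenticate`, `BcryptHasher` and the `hasher:` parameter are hypothetical names; only the `is_bcrypt` flag comes from the answer, and the bcrypt gem is assumed to be installed.

```ruby
require 'digest'

# Constructed stand-in for the model row (assumption: columns password_hash
# and is_bcrypt, the flag proposed in the answer above).
User = Struct.new(:password_hash, :is_bcrypt)

# Default hasher: the bcrypt gem, which generates a per-password salt and
# stores it inside the hash string, so no application-wide salt is needed.
module BcryptHasher
  def self.create(password)
    require 'bcrypt'
    BCrypt::Password.create(password).to_s
  end

  def self.match?(stored, password)
    require 'bcrypt'
    BCrypt::Password.new(stored) == password
  end
end

# Verify a login. When a legacy MD5 user supplies the correct password,
# replace the stored hash with bcrypt while the plaintext is still in hand.
# `hasher:` is injectable so tests or a later algorithm change can swap it.
def authenticate(user, password, hasher: BcryptHasher)
  return hasher.match?(user.password_hash, password) if user.is_bcrypt

  # Legacy path: unsalted MD5 hex digest, as in the question.
  return false unless Digest::MD5.hexdigest(password) == user.password_hash

  # Upgrade only after the old hash has verified; a failed login never
  # touches the record. In Rails both fields would go in one update!.
  user.password_hash = hasher.create(password)
  user.is_bcrypt = true
  true
end
```

Accounts that never log in keep their MD5 hash, so the `is_bcrypt` flag also shows how many legacy rows remain.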