In the admin panel of my site I wanted to do password encryption in Ruby on Rails, so I found some resources for it and implemented it like this.
First, my login form looks like this:
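<%= javascript_include_tag('rsa/jsbn', 'rsa/prng4', 'rsa/rng', 'rsa/rsa', 'rsa/base64', :cache => true) %>
<% form_tag session_path, :id => 'login' do -%>
  <%# the username field and the hidden :password field (filled in by JavaScript before submit) belong inside this form %>
  <%= submit_tag 'Log in' %>
<% end -%>
<%# public key values read by the JavaScript RSA code; kept outside the form so they are not submitted %>
<%= hidden_field_tag :public_modulus, @public_modulus %>
<%= hidden_field_tag :public_exponent, @public_exponent %>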
Two things to note here. First, we are including the four necessary JavaScript libraries on this page only. Second, we use a hidden field to store/commit the password – this field is populated via JavaScript.
And in the controller:
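require 'openssl'
require 'base64'

def new
  # Generate a fresh RSA key pair for this login form
  key = OpenSSL::PKey::RSA.new(1024)
  # Hex-encoded modulus and exponent, rendered into the hidden fields for the JavaScript RSA code
  @public_modulus = key.public_key.n.to_s(16)
  @public_exponent = key.public_key.e.to_s(16)
  # Keep the private key in the session so create can decrypt with it.
  # This needs a server-side session store: a cookie-based store would place the PEM in a cookie sent to the browser.
  session[:key] = key.to_pem
end

def create
  key = OpenSSL::PKey::RSA.new(session[:key])
  # params[:password] is the Base64-encoded RSA ciphertext produced in the browser
  password = key.private_decrypt(Base64.decode64(params[:password]))
  user = User.authenticate(params[:username], password)
  if user
    reset_session # reset session after login
    session[:user_id] = user.id
    flash[:notice] = "Welcome back, #{user.username}"
    redirect_to admin_url
  else
    flash[:error] = 'Invalid username/password entered'
    # Call new to issue a fresh key pair, then show the login form again
    new and render :action => 'new'
  end
end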
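The same round trip in plain Ruby, as an added example that is not part of the original post: the server issues a key, a Ruby stand-in for the browser's JavaScript encrypts the password from the hex modulus and exponent, and the server decrypts it, returning nil instead of raising when the key is missing or the ciphertext does not decrypt. The method names and the 2048-bit key size are assumptions (the page uses 1024).

```ruby
require 'openssl'

# Server side of `new`: key pair plus the hex values the hidden fields carry.
def new_login_key(bits = 2048) # assumption: the page uses 1024
  key = OpenSSL::PKey::RSA.new(bits)
  { pem: key.to_pem, n: key.n.to_s(16), e: key.e.to_s(16) }
end

# Stand-in for the browser's JavaScript: rebuild the public key from the hex
# modulus/exponent, PKCS#1 v1.5-encrypt the password, Base64-encode the result.
def browser_encrypt(n_hex, e_hex, password)
  ints = [n_hex, e_hex].map { |h| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(h, 16)) }
  pub  = OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new(ints).to_der)
  [pub.public_encrypt(password)].pack('m0') # same output as Base64.strict_encode64
end

# Server side of `create`: returns the plaintext, or nil when the session key
# is missing or decryption fails, so the caller can treat it as a failed login.
def decrypt_login(pem, b64)
  return nil if pem.nil? || b64.to_s.empty?
  key = OpenSSL::PKey::RSA.new(pem)
  key.private_decrypt(b64.to_s.unpack1('m')) # unpack1('m') is what Base64.decode64 does
rescue OpenSSL::PKey::PKeyError
  nil
end

if __FILE__ == $0
  k  = new_login_key
  ct = browser_encrypt(k[:n], k[:e], 'constructed-password') # constructed sample value
  puts decrypt_login(k[:pem], ct).inspect             # decrypts under the key that was issued
  puts decrypt_login(new_login_key[:pem], ct).inspect # another key: nil or unrelated bytes
end
```

A ciphertext is only useful with the private key stored in the session that issued the form, which is why `create` on the page calls `new` again before re-rendering after a failed login.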
http://iamjosh.wordpress.com/2008/03/18/encrypting-login-password-without-ssl-in-ruby-on-rails/