Hacker News new | past | comments | ask | show | jobs | submit login

Any modern Rails app is very likely using bcrypt to store password hashes. It's baked into most of the popular auth frameworks.



It's actually now baked into rails itself. You can declare

    has_secure_password
in the model and you're away.


Why would you have to declare it?


Because it adds a few attributes (like 'password') and methods (like 'authenticate') to your model, and you might not really want such things on every one of your models.

Clarification: has_secure_password does NOT mean you choose between secure or non-secure password, it just mean "I want a password on this model, and better make it secure guys!"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: