Re: [Rails] Want to send password via SMS

On Wed, Jul 24, 2013 at 10:43 AM, honey ruby <emailtohoneyruby@gmail.com> wrote:

Hi I am saving password with hashed_password and salt in table. Now I need to send those passwords via SMS can it be possible.Kindly give me some suggestion plz .

This line, in the English language, can be understood as "Now I need those passwords" meaning the passwords before hashing, since you don't differentiate between the first mention of passwords and the hashed_password result. As a native English speaker, I'm letting you know that this is ambiguous and is what lead me to my understanding.

Now to answer all permutations of what you may have meant but don't seem interested in explaining further.

If the password you mention is the hashed password, that won't do the user any good. If you accept the hashed password when authenticating, then your system is horribly broken. Completely.

If the password you mention is the password before it was hashed, then you're also what is called a plaintext offender. You shouldn't do this either.

If your intent, regardless of your question, is the ability to send the user some kind of token that they can use to recover their account, then that also has some issues you should be aware of.

Security and privacy in this regard is highly important. I wouldn't trust SMS to be 'secure' in any way. It's not private. Thusly my suggestion of a one time pass token may work for you. You might need to employ some creativity to arrive at a more secure implementation.

If you don't wish to address our questions, perhaps you can provide a few questions that will help us help you.

~Spaceghost 

Thanks in advance

Cheers

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c035582a-7895-4963-8e4c-e3b5cdf3145c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CANuxHDNB%2BWRAF05GFycteApS9o%2BcVD6sqpEHS0Ebmj4wmvyGjg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.