8
votes
Vote UpVote

An Excuse Not to Roll Your Own Authentication Scheme

Craig Stuntz's Weblog – The Rails 3.1 Release Candidate announcement contained news of many new and useful features, plus these regretful words: has_secure_password: Dead-simple BCrypt-based passwords. Now there’s no excuse not to roll your own authentication scheme. I will briefly provide an excuse. "Simple BCrypt-based passwords" is a reasonable feature, but shouldn’t be mistaken for end-to-end authentication, or even a substantial subset of that problem. Web site authentication in the real world is a far harder problem than salting and hashing a password — which BCrypt does OK, as far as I know. You ...
Favorite? Off-Topic? Craig Stuntz @ 2011-05-26 20:13

Statistics

Visits: 706
Votes: 8
Favorites: 0
Off-Topic: 0

Visits by Source

User Actions

Users who voted for this posting

Alister Christie
Craig Stuntz
ket555
Primoz Gabrijelcic
Robert Love
stukelly
TOndrej
Zzzzz
Subscribe:
Contact us to advertise on DelphiFeeds.com

Community Links

Torry Firebird News

Sponsor

 
Please login or register to use this functionality.
(click on this box to dismiss)