[jifty-devel] Validating and encrypting passwords
Henry.Baragar at instantiated.ca
Wed Mar 28 09:34:19 EDT 2007
The topic is really about the order in which "validate_column" and "
before_set_column" get called, but the purpose is for implementing my own
authentication module that validates that new passwords meet corporate policy
and then encrypts them before storing them in the database.
It seems to me that the correct place to put password encryption is in the
"before_set_column" method, but this method gets called before
"validate_column". This means that "validate_column" tries to validate the
encrypted password (which does not work very well).
What is the reasoning for running "before_set_column" before
"validate_column"? (Particularly since there is a "canonize_column" that is
called before "validate_column").
If "before_set_column" is not the correct place to encrypt the password, then
where should it be done?
More information about the jifty-devel