[jifty-devel] Validating and encrypting passwords

Henry Baragar Henry.Baragar at instantiated.ca
Wed Mar 28 09:34:19 EDT 2007


The topic is really about the order in which "validate_column" and " 
before_set_column" get called, but the purpose is for implementing my own 
authentication module that validates that new passwords meet corporate policy 
and then encrypts them before storing them in the database.

It seems to me that the correct place to put password encryption is in the 
"before_set_column" method, but this method gets called before 
"validate_column".  This means that "validate_column" tries to validate the 
encrypted password (which does not work very well).

What is the reasoning for running "before_set_column" before 
"validate_column"?  (Particularly since there is a "canonize_column" that is 
called before "validate_column").

If "before_set_column" is not the correct place to encrypt the password, then 
where should it be done?


More information about the jifty-devel mailing list