0

At my company we're designing a new flow for our user to register. User and Company are very closely tied to each other. Due to several reasons we can't create the user and the company one after the other but we need to create them at the same time.

However as our form is on several steps, we collect all the user input in a separate Registration model in a jsonb attribute and then create the user and company at the end of the process from this intermediate model.

One of the problem is that we collect the user password. However as we're storing the registration in our database, the password is exposed.

How would you try to protect this?

EDIT: We're using Bcrypt to encrypt password

Improve this question
2
  • are you using bcrypt to encrypt password? Commented Jul 13, 2017 at 10:22
  • Hi @Sajin, yes we are. Commented Jul 13, 2017 at 10:35

1 Answer 1

Reset to default
1

I have not tried this but I guess this will work. You can use the following code to encrypt the password before storing it as intermediate json.

my_password = BCrypt::Password.create("my password")

If you have designed the User model properly, there will be a password_digest field in your table. So while saving encrypted password, use:

@user.password_digest = my_password

instead of 

@user.password = my_password

where you expect encryption to take place in the background.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.