#123 ✓resolved
Jose Otavio R. Ferreira

Authentic model will encrypt password too soon

Reported by Jose Otavio R. Ferreira | June 12th, 2009 @ 07:05 PM

Hi Ben,

First of all, I'd like to congratulate you on the whole solution. Feels very "right", and I hope I can contribute in the future.

So here it is... when setting the password on a model that acts_as_authentic, I noticed that the salt and crypted password are set straight away, but I was wondering it that is a good idea... why not use a before_save callback instead? I mean, won't this a little hard on the performance?
For example, if a user is signing up for a new account, and some of the data was invalid, I still get a crypted pass, salt and even a perishable token in memory, which, at least for this case, could have been avoided, providing a quicker response. Once all validations are ok, and we are ready to save, then this could happen.

Well, just an idea... let me know what you think.

Comments and changes to this ticket

  • Ben Johnson

    Ben Johnson June 20th, 2009 @ 04:50 AM

    • State changed from “new” to “resolved”

    I see what you are saying, but at this point I feel like we are splitting hairs. If those things really are that big of a hit on performance by all means I will change it, but I don't know that it is. If this bothers, you fork the project and see if it is quite a bit faster and I'll pull in the changes. That should be a really simple change to make. Thanks for the suggestion.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket