I have my authentication on my web app running on the devise gem. I was wondering if it was secure. Yes, it stores the passwords as hashes in the database, uses encrypted tokens after logging in etc. But how about in the initial login phase? Does it send the user’s password unencrypted over the air (I don't have SSL)? Could it have the client encrypt it with a certain public key that only the server could decrypt? Or is SSL the only way to encrypt the user’s password?
Thanks!
“Be warned that HTTP Basic Authentication transmits the username and password in clear text, so you should not use this method for applications where a higher level of security is required.”
http://pivotallabs.com/users/ledwards/blog/articles/1534-http-basic-authentication-and-devise
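The quote above concerns HTTP Basic Authentication; a standard Devise form login puts the password in the POST body instead, which is just as readable to anyone on the path when the connection is plain HTTP. The following is an added example (not code from the original post, from Devise or from the linked article) showing, first, exactly what a Basic auth header carries and how little it takes to recover the credentials from it, and second, a small Rack-style middleware that refuses to process requests arriving over HTTP and redirects them to HTTPS. The `ForceTls` class is a hypothetical stand-in written for this example to illustrate the effect of `config.force_ssl = true` in a Rails app; it is not the Rails or Rack implementation.

```ruby
# Added example: what HTTP Basic Authentication puts on the wire, and a
# minimal illustration of the mitigation (serve the login only over TLS).

# Build the Authorization header the way a browser or HTTP client does:
# "Basic " + base64("user:password"). Base64 is an encoding, not encryption;
# there is no key, so anyone who can read the request can read the password.
def basic_auth_header(user, password)
  "Basic " + ["#{user}:#{password}"].pack("m0")
end

# What any passive observer (network tap, proxy, access log) recovers from
# that header with no secret at all. Returns nil for non-Basic schemes.
def recover_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme == "Basic" && encoded
  decoded = encoded.unpack1("m").force_encoding("UTF-8")
  # The password may itself contain ':'; only the first one separates fields.
  user, password = decoded.split(":", 2)
  { user: user, password: password }
end

# Hypothetical Rack-style middleware (constructed for this example, not the
# Rails/Rack code): a request that arrives over plain HTTP is never handed to
# the application. It is redirected to the HTTPS origin so the client resends
# it inside TLS. Under a reverse proxy, X-Forwarded-Proto must only be trusted
# when the proxy is known to set it; here it is honoured for illustration.
class ForceTls
  def initialize(app)
    @app = app
  end

  def call(env)
    scheme = env["HTTP_X_FORWARDED_PROTO"] || env["rack.url_scheme"]
    return @app.call(env) if scheme == "https"

    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    qs = env["QUERY_STRING"]
    location += "?#{qs}" unless qs.nil? || qs.empty?
    # 301 with an empty body: no credentials are echoed or processed.
    [301, { "Location" => location, "Content-Length" => "0" }, []]
  end
end

if __FILE__ == $PROGRAM_NAME
  hdr = basic_auth_header("alice", "hunter2")          # constructed sample
  puts hdr
  p recover_credentials(hdr)

  app = ForceTls.new(->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] })
  p app.call("rack.url_scheme" => "http", "HTTP_HOST" => "app.example",
             "PATH_INFO" => "/users/sign_in", "QUERY_STRING" => "")
end
```

The middleware is the shape of the mitigation rather than the whole of it: in a real deployment the redirect is only useful if the HTTPS origin actually exists and HSTS is set so the browser stops trying HTTP at all. Encrypting the password in the browser with a public key does not replace this, because without TLS the page that delivers the JavaScript and the key is itself modifiable in transit.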