Dmitry Maksyoma wrote in post #1081303: > No, I'm not using auth engine, I only use `has_secure_password'. I've > tried > removing that and adding `attr_accessor :password, > :password_confirmation' > and it didn't change a thing, so it seems to be the default Rails > behaviour. > > My view: http://pastebin.com/s7tpwN4D
I'm not 100% sure about this, but I have a feeling that behavior exists for security reasons. The primary concern about providing a password to a server is limiting the amount of time the cleartext version exists. In fact I'd be willing to wager that the hashing occurs in the RACK middleware, which means your Rails application never sees the cleartext password, and therefore would not have it to send back in the response. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
