Here it is, the huge security hole... Mails are sent in clear text and
virtually anyone can read them.

I suggest you generate a random password when an admin creates a sub
user. Then at the same time send it by mail, with an obligation to
change it when the user logs in.

Or the simplest solution: generate a random password and don't send it.
So the password is "lost", and when the user wants to log in he can use
the "Forgotten password" link. Simple (all is ready in Devise) and secure.

On 07/01/2013 10:35, Saravanan P wrote:
> As an admin he can create many sub users and he will email the user details
> to the person who is going to use that with the application.
>
>
> On Mon, Jan 7, 2013 at 2:53 PM, Colin Law <clan...@googlemail.com> wrote:
>
>     On 7 January 2013 07:59, Saravanan P <saravana...@shriramits.com> wrote:
>     > In my case, Admin user can create many different sub-users. And he can view
>     > their password too.. :(
>
>     That does not explain /why/ he needs to be able to view the passwords.
>
>     Colin
>
>     >
>     >
>     >
>     > On Mon, Jan 7, 2013 at 1:23 PM, Colin Law <clan...@googlemail.com> wrote:
>     >>
>     >> On 7 January 2013 06:39, Saravanan P <saravana...@shriramits.com> wrote:
>     >> > Hi Everyone
>     >> >
>     >> > I am using Devise for authentication for my app.
>     >> > Is there any way an Admin user can view other users' passwords as
>     >> > a normal string?
>     >>
>     >> Why would you want to do that?
>     >>
>     >> Colin
>     >>
>     >> --
>     >> You received this message because you are subscribed to the Google Groups
>     >> "Ruby on Rails: Talk" group.
>     >> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>     >> To unsubscribe from this group, send email to
>     >> rubyonrails-talk+unsubscr...@googlegroups.com.
>     >> For more options, visit https://groups.google.com/groups/opt_out.
>     >>
>     >>
>     >
>     >
>     >
>     > --
>     > Regards by
>     > Saravanan.P
>     >
>     >
>     >
>
>
>
>
>
>
> -- 
> Regards by
> Saravanan.P
>  
>  
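
The second suggestion in the reply above (create the account with a random password that nobody sees, then let the user choose one through a reset link), as an added example that is not part of the original message and is not Devise's own code. It is a plain-Ruby model: `SubUser`, `RESET_TTL` and the PBKDF2 parameters are assumptions, and PBKDF2 stands in for the bcrypt hashing Devise uses.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for a user record (hypothetical class, not a Devise model).
class SubUser
  RESET_TTL = 6 * 3600 # seconds a reset token stays valid (assumed value)
  attr_reader :email, :reset_digest

  # Slow salted hash of a secret; PBKDF2 here is a stand-in for bcrypt.
  def self.kdf(secret, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 100_000, 32, "sha256")
  end

  # Admin creates the account. The random password is hashed and discarded,
  # so nobody (the admin included) can view it or put it in a mail.
  def initialize(email)
    @email = email
    @salt = SecureRandom.random_bytes(16)
    @password_digest = self.class.kdf(SecureRandom.hex(32), @salt)
  end

  # "Forgotten password": only a digest of the token is stored. The raw token
  # is returned once, to be placed in the reset link mailed to the user.
  def issue_reset_token(now = Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @reset_digest = OpenSSL::Digest::SHA256.hexdigest(raw)
    @reset_sent_at = now
    raw
  end

  # The user chooses the password. The token expires and works only once.
  def reset_password(raw_token, new_password, now = Time.now)
    return false if @reset_digest.nil? || now - @reset_sent_at > RESET_TTL
    given = OpenSSL::Digest::SHA256.hexdigest(raw_token.to_s)
    return false unless OpenSSL.secure_compare(given, @reset_digest)
    @password_digest = self.class.kdf(new_password, @salt)
    @reset_digest = @reset_sent_at = nil
    true
  end

  def valid_password?(candidate)
    OpenSSL.secure_compare(self.class.kdf(candidate, @salt), @password_digest)
  end
end
```

What travels by mail in this flow is a short-lived, single-use token rather than a password, so a mail read in transit after the token has been used or has expired gives no access.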
