I recommend you never set a password for a user. Instead, use the very flexible Devise Invitable module to create a user without any password set, and the requirement that s/he create a password before logging in. The only thing sent to the new user is a cryptic token link (and these time-bomb out after a definable time). As an admin, I do not want to be in the business of knowing (or having to remind my users of) their passwords -- that's what the "I forgot..." link is for!
Walter On Jan 7, 2013, at 5:27 AM, Jérémie Horhant wrote: > Here it is, the huge security hole... Mails are sent in clear text and > virtually anyone can read it. > > I suggest you to generate a random password when an admin create a sub user. > Then in the same time send it by mail with obligation to > change it when the user login > > Or the simplest solution, generate a random password and don't send it. So > the password is "lost" and when the user will want to login he can use > the "Forgottent password" link. Simple (all is ready in Devise) and secure > > Le 07/01/2013 10:35, Saravanan P a écrit : >> As a admin he can create many sub user and he will email user detail to the >> person who going to use that with application. >> >> >> On Mon, Jan 7, 2013 at 2:53 PM, Colin Law <clan...@googlemail.com> wrote: >> On 7 January 2013 07:59, Saravanan P <saravana...@shriramits.com> wrote: >> > In my case, Admin user can create many different sub-users. And he can view >> > their password too.. :( >> >> That does not explain /why/ he needs to be able to view the passwords. >> >> Colin >> >> > >> > >> > >> > On Mon, Jan 7, 2013 at 1:23 PM, Colin Law <clan...@googlemail.com> wrote: >> >> >> >> On 7 January 2013 06:39, Saravanan P <saravana...@shriramits.com> wrote: >> >> > Hi Everyone >> >> > >> >> > i am using devise for authentication for my app. >> >> > Is there any way, Admin user can view other users password as normal >> >> > string. >> >> >> >> Why would you want to do that? >> >> >> >> Colin >> >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> >> "Ruby on Rails: Talk" group. >> >> To post to this group, send email to rubyonrails-talk@googlegroups.com. >> >> To unsubscribe from this group, send email to >> >> rubyonrails-talk+unsubscr...@googlegroups.com. >> >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> >> > >> > >> > >> > -- >> > Regards by >> > Saravanan.P >> > >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Ruby on Rails: Talk" group. >> > To post to this group, send email to rubyonrails-talk@googlegroups.com. >> > To unsubscribe from this group, send email to >> > rubyonrails-talk+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Talk" group. >> To post to this group, send email to rubyonrails-talk@googlegroups.com. >> To unsubscribe from this group, send email to >> rubyonrails-talk+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> >> >> -- >> Regards by >> Saravanan.P >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Talk" group. >> To post to this group, send email to rubyonrails-talk@googlegroups.com. >> To unsubscribe from this group, send email to >> rubyonrails-talk+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk@googlegroups.com. > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > <jeremie_horhant.vcf> -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.