I recommend you never set a password for a user. Instead, use the very flexible 
Devise Invitable module to create a user without any password set, and the 
requirement that s/he create a password before logging in. The only thing sent 
to the new user is a cryptic token link (and these time-bomb out after a 
definable time). As an admin, I do not want to be in the business of knowing 
(or having to remind my users of) their passwords -- that's what the "I 
forgot..." link is for!

Walter

On Jan 7, 2013, at 5:27 AM, Jérémie Horhant wrote:

> Here it is, the huge security hole... Mails are sent in clear text and 
> virtually anyone can read it.
> 
> I suggest you to generate a random password when an admin create a sub user. 
> Then in the same time send it by mail with obligation to
> change it when the user login
> 
> Or the simplest solution, generate a random password and don't send it. So 
> the password is "lost" and when the user will want to login he can use
> the "Forgottent password" link. Simple (all is ready in Devise) and secure
> 
> Le 07/01/2013 10:35, Saravanan P a écrit :
>> As a admin he can create many sub user and he will email user detail to the 
>> person who going to use that with application.
>> 
>> 
>> On Mon, Jan 7, 2013 at 2:53 PM, Colin Law <clan...@googlemail.com> wrote:
>> On 7 January 2013 07:59, Saravanan P <saravana...@shriramits.com> wrote:
>> > In my case, Admin user can create many different sub-users. And he can view
>> > their password too.. :(
>> 
>> That does not explain /why/ he needs to be able to view the passwords.
>> 
>> Colin
>> 
>> >
>> >
>> >
>> > On Mon, Jan 7, 2013 at 1:23 PM, Colin Law <clan...@googlemail.com> wrote:
>> >>
>> >> On 7 January 2013 06:39, Saravanan P <saravana...@shriramits.com> wrote:
>> >> > Hi Everyone
>> >> >
>> >> > i am using devise for authentication for my app.
>> >> > Is there any way, Admin user can view other users password as normal
>> >> > string.
>> >>
>> >> Why would you want to do that?
>> >>
>> >> Colin
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google Groups
>> >> "Ruby on Rails: Talk" group.
>> >> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> >> rubyonrails-talk+unsubscr...@googlegroups.com.
>> >> For more options, visit https://groups.google.com/groups/opt_out.
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Regards by
>> > Saravanan.P
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Ruby on Rails: Talk" group.
>> > To post to this group, send email to rubyonrails-talk@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > rubyonrails-talk+unsubscr...@googlegroups.com.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>> >
>> >
>> 
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Ruby on Rails: Talk" group.
>> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> rubyonrails-talk+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>> 
>> 
>> 
>> 
>> 
>> -- 
>> Regards by
>> Saravanan.P
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ruby on Rails: Talk" group.
>> To post to this group, send email to rubyonrails-talk@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> rubyonrails-talk+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>  
>>  
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to 
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
> <jeremie_horhant.vcf>

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to 
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to