Ok Thank you walter.
On Mon, Jan 7, 2013 at 10:43 PM, Walter Lee Davis <wa...@wdstudio.com>wrote: > I recommend you never set a password for a user. Instead, use the very > flexible Devise Invitable module to create a user without any password set, > and the requirement that s/he create a password before logging in. The only > thing sent to the new user is a cryptic token link (and these time-bomb out > after a definable time). As an admin, I do not want to be in the business > of knowing (or having to remind my users of) their passwords -- that's what > the "I forgot..." link is for! > > Walter > > On Jan 7, 2013, at 5:27 AM, Jérémie Horhant wrote: > > > Here it is, the huge security hole... Mails are sent in clear text and > virtually anyone can read it. > > > > I suggest you to generate a random password when an admin create a sub > user. Then in the same time send it by mail with obligation to > > change it when the user login > > > > Or the simplest solution, generate a random password and don't send it. > So the password is "lost" and when the user will want to login he can use > > the "Forgottent password" link. Simple (all is ready in Devise) and > secure > > > > Le 07/01/2013 10:35, Saravanan P a écrit : > >> As a admin he can create many sub user and he will email user detail to > the person who going to use that with application. > >> > >> > >> On Mon, Jan 7, 2013 at 2:53 PM, Colin Law <clan...@googlemail.com> > wrote: > >> On 7 January 2013 07:59, Saravanan P <saravana...@shriramits.com> > wrote: > >> > In my case, Admin user can create many different sub-users. And he > can view > >> > their password too.. :( > >> > >> That does not explain /why/ he needs to be able to view the passwords. > >> > >> Colin > >> > >> > > >> > > >> > > >> > On Mon, Jan 7, 2013 at 1:23 PM, Colin Law <clan...@googlemail.com> > wrote: > >> >> > >> >> On 7 January 2013 06:39, Saravanan P <saravana...@shriramits.com> > wrote: > >> >> > Hi Everyone > >> >> > > >> >> > i am using devise for authentication for my app. > >> >> > Is there any way, Admin user can view other users password as > normal > >> >> > string. > >> >> > >> >> Why would you want to do that? > >> >> > >> >> Colin > >> >> > >> >> -- > >> >> You received this message because you are subscribed to the Google > Groups > >> >> "Ruby on Rails: Talk" group. > >> >> To post to this group, send email to > rubyonrails-talk@googlegroups.com. > >> >> To unsubscribe from this group, send email to > >> >> rubyonrails-talk+unsubscr...@googlegroups.com. > >> >> For more options, visit https://groups.google.com/groups/opt_out. > >> >> > >> >> > >> > > >> > > >> > > >> > -- > >> > Regards by > >> > Saravanan.P > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > Groups > >> > "Ruby on Rails: Talk" group. > >> > To post to this group, send email to > rubyonrails-talk@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > rubyonrails-talk+unsubscr...@googlegroups.com. > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > >> To post to this group, send email to rubyonrails-talk@googlegroups.com. > >> To unsubscribe from this group, send email to > rubyonrails-talk+unsubscr...@googlegroups.com. > >> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > >> > >> > >> > >> -- > >> Regards by > >> Saravanan.P > >> -- > >> You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > >> To post to this group, send email to rubyonrails-talk@googlegroups.com. > >> To unsubscribe from this group, send email to > rubyonrails-talk+unsubscr...@googlegroups.com. > >> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ruby on Rails: Talk" group. > > To post to this group, send email to rubyonrails-talk@googlegroups.com. > > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > <jeremie_horhant.vcf> > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk@googlegroups.com. > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- Regards by Saravanan.P -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.