Ok Thank you walter.

On Mon, Jan 7, 2013 at 10:43 PM, Walter Lee Davis <wa...@wdstudio.com>wrote:

> I recommend you never set a password for a user. Instead, use the very
> flexible Devise Invitable module to create a user without any password set,
> and the requirement that s/he create a password before logging in. The only
> thing sent to the new user is a cryptic token link (and these time-bomb out
> after a definable time). As an admin, I do not want to be in the business
> of knowing (or having to remind my users of) their passwords -- that's what
> the "I forgot..." link is for!
>
> Walter
>
> On Jan 7, 2013, at 5:27 AM, Jérémie Horhant wrote:
>
> > Here it is, the huge security hole... Mails are sent in clear text and
> virtually anyone can read it.
> >
> > I suggest you to generate a random password when an admin create a sub
> user. Then in the same time send it by mail with obligation to
> > change it when the user login
> >
> > Or the simplest solution, generate a random password and don't send it.
> So the password is "lost" and when the user will want to login he can use
> > the "Forgottent password" link. Simple (all is ready in Devise) and
> secure
> >
> > Le 07/01/2013 10:35, Saravanan P a écrit :
> >> As a admin he can create many sub user and he will email user detail to
> the person who going to use that with application.
> >>
> >>
> >> On Mon, Jan 7, 2013 at 2:53 PM, Colin Law <clan...@googlemail.com>
> wrote:
> >> On 7 January 2013 07:59, Saravanan P <saravana...@shriramits.com>
> wrote:
> >> > In my case, Admin user can create many different sub-users. And he
> can view
> >> > their password too.. :(
> >>
> >> That does not explain /why/ he needs to be able to view the passwords.
> >>
> >> Colin
> >>
> >> >
> >> >
> >> >
> >> > On Mon, Jan 7, 2013 at 1:23 PM, Colin Law <clan...@googlemail.com>
> wrote:
> >> >>
> >> >> On 7 January 2013 06:39, Saravanan P <saravana...@shriramits.com>
> wrote:
> >> >> > Hi Everyone
> >> >> >
> >> >> > i am using devise for authentication for my app.
> >> >> > Is there any way, Admin user can view other users password as
> normal
> >> >> > string.
> >> >>
> >> >> Why would you want to do that?
> >> >>
> >> >> Colin
> >> >>
> >> >> --
> >> >> You received this message because you are subscribed to the Google
> Groups
> >> >> "Ruby on Rails: Talk" group.
> >> >> To post to this group, send email to
> rubyonrails-talk@googlegroups.com.
> >> >> To unsubscribe from this group, send email to
> >> >> rubyonrails-talk+unsubscr...@googlegroups.com.
> >> >> For more options, visit https://groups.google.com/groups/opt_out.
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Regards by
> >> > Saravanan.P
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> Groups
> >> > "Ruby on Rails: Talk" group.
> >> > To post to this group, send email to
> rubyonrails-talk@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > rubyonrails-talk+unsubscr...@googlegroups.com.
> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >> >
> >> >
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> >> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> >> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >>
> >>
> >>
> >>
> >> --
> >> Regards by
> >> Saravanan.P
> >> --
> >> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> >> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> >> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >>
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to rubyonrails-talk@googlegroups.com.
> > To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> >
> > <jeremie_horhant.vcf>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-talk+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>


-- 
Regards by
Saravanan.P

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to 
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to