Yes, this is kind of a creeping migration, i.e. an user will be migrated as soon as he's successfully being authenticated the first time.
What I think of is increasing the security level for all existing users before they login the first time: immediately migrating all passwords to bcrypt(old hash). The question is if this will really achieve the security level of bcrypt for existing user accounts. br Luma Am Sonntag, 7. Juni 2015 17:42:15 UTC+2 schrieb Walter Lee Davis: > > > I think what I would do is add a new set of fields to the existing user > record for the new password types, and a boolean column to switch between > which one to use. Once all your users are migrated to the new version, you > can close off the old method. Something like this pseudocode: > > if the boolean is false, test given password against old hash > > if it passes > re-hash the given password with the new algorithm > set the boolean > set the new hash column > save > redirect > if not > whatever you currently do > end > > Walter > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/a2ba755e-509c-40a4-847e-59d9aa4c5a24%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
