Ruby on Rails Password Complexity Cheatsheet
From OWASP
Latest revision as of 14:51, 28 February 2018
Enforcing password complexity in a web application is an essential step in preventing online password attacks such as brute force guessing.
If you use Devise to implement authentication in a Rails app, you can use the devise_zxcvbn gem (https://github.com/bitzesty/devise_zxcvbn) to enforce password complexity.
Install it by adding the gem to your Gemfile (next to devise itself) and running bundle install:
gem 'devise_zxcvbn'
Configure your user model with it:
<syntaxhighlight lang="ruby">
class User < ApplicationRecord
  devise :database_authenticatable,
         # other devise features, then
         :zxcvbnable
end
</syntaxhighlight>
And configure the required password complexity:
<syntaxhighlight lang="ruby">
# in config/initializers/devise.rb
Devise.setup do |config|
  # Minimum zxcvbn score a password must reach to be accepted.
  # zxcvbn scores passwords from 0 (trivially guessable) to 4 (strongest),
  # so 4 is the strictest setting.
  config.min_password_score = 4 # complexity score here.
  # ... other devise settings
end
</syntaxhighlight>
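To make the meaning of `min_password_score` concrete, the following is an added, dependency-free Ruby example (it is not code from the OWASP page or from the devise_zxcvbn gem). `SimplePasswordScore` is a deliberately small stand-in for zxcvbn: it estimates a guess count from a constructed eight-word dictionary, a repeated-character rule, a straight-sequence rule and a brute-force fallback, then maps that count onto zxcvbn's 0-4 scale using zxcvbn's real cut-offs (10^3, 10^6, 10^8, 10^10 guesses). `PasswordPolicy` mirrors the check that `:zxcvbnable` adds to a model without depending on Rails or ActiveModel. The class names, the dictionary and the sample passwords are all assumptions made for this illustration; the real gem uses large frequency-ranked dictionaries and many more matchers, so its scores will differ.

```ruby
# Added example, not part of the OWASP cheat sheet or the devise_zxcvbn gem.
# A simplified stand-in for zxcvbn scoring plus a validator that enforces a
# minimum score the way devise_zxcvbn does with config.min_password_score.

module SimplePasswordScore
  # Constructed sample dictionary, most common first (rank 1 = most common).
  COMMON = %w[password 123456 qwerty letmein welcome admin rails devise].freeze
  RANK = COMMON.each_with_index.map { |w, i| [w, i + 1] }.to_h.freeze

  # zxcvbn maps an estimated guess count to a 0-4 score with these cut-offs.
  SCORE_CUTOFFS = [1e3, 1e6, 1e8, 1e10].freeze

  # Estimate guesses for one token: dictionary rank (allowing case and a few
  # l33t substitutions), a repeated character, a straight sequence, or brute force.
  def self.token_guesses(token)
    return 1 if token.empty?
    canon = token.downcase.tr('0134@$', 'oleaas')
    return RANK[canon] * (token == canon ? 1 : 2) if RANK.key?(canon)
    return token.length if token.length > 1 && token.chars.uniq.size == 1 # "aaaaaa"
    return 4 * token.length if sequence?(token)                            # "abcdef", "654321"
    charset = 0
    charset += 26 if token =~ /[a-z]/
    charset += 26 if token =~ /[A-Z]/
    charset += 10 if token =~ /\d/
    charset += 33 if token =~ /[^A-Za-z0-9]/
    charset.to_f**token.length
  end

  # True when every step between neighbouring characters is +1 or -1.
  def self.sequence?(token)
    return false if token.length < 3
    steps = token.codepoints.each_cons(2).map { |a, b| b - a }
    steps.uniq.size == 1 && steps.first.abs == 1
  end

  # Split into letter, digit and symbol runs, multiply the per-run estimates,
  # and never exceed the estimate for the password taken as a single token.
  def self.guesses(password)
    tokens = password.scan(/[A-Za-z]+|\d+|[^A-Za-z0-9]+/)
    product = tokens.reduce(1.0) { |acc, t| acc * token_guesses(t) }
    [product, token_guesses(password)].min
  end

  # 0..4: number of cut-offs the guess estimate reaches.
  def self.score(password)
    g = guesses(password)
    SCORE_CUTOFFS.count { |cutoff| g >= cutoff }
  end
end

# Minimal stand-in for the validation devise_zxcvbn adds to a model: reject a
# password whose score is below the configured minimum.
class PasswordPolicy
  attr_reader :min_password_score

  def initialize(min_password_score: 4)
    @min_password_score = min_password_score
  end

  # Array of error messages, empty when the password is acceptable
  # (the shape of ActiveModel errors, without depending on Rails).
  def errors_for(password)
    score = SimplePasswordScore.score(password.to_s)
    return [] if score >= min_password_score
    ["password is not strong enough (score #{score}, need #{min_password_score})"]
  end

  def acceptable?(password)
    errors_for(password).empty?
  end
end

if $PROGRAM_NAME == __FILE__
  policy = PasswordPolicy.new(min_password_score: 4)
  ['password', 'Admin123!', 'xK9#mQ2$vL'].each do |pw|
    puts format('%-12s score=%d %s', pw, SimplePasswordScore.score(pw),
                policy.acceptable?(pw) ? 'ok' : 'rejected')
  end
end
```

Running the file prints the score and verdict for the three constructed passwords: a dictionary word scores 0, a capitalised dictionary word with a digit sequence scores 1, and a random mixed-class string scores 4, so only the last passes a policy of `min_password_score: 4`. Lowering the minimum to 1 would let the middle one through, which is why the cheat sheet's setting of 4 is the strict choice.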