Difference between revisions of "Ruby on Rails Password Complexity Cheatsheet"
(Created page with "Enforcing password complexity in a web application is an essential step when preventing on-line password attacks. If you use devise to implement authentication in a rails app...")
(published)
| Line 1: | Line 1: | ||
| − | Enforcing password complexity in a web application is an essential step when preventing | + | Enforcing [[Authentication_Cheat_Sheet#Password_Complexity|password complexity]] in a web application is an essential step when preventing [[Blocking Brute Force Attacks|password attacks]]. |
| − | |||
| − | If you use devise to implement authentication in a rails app, you could use zxcvbn gem to | + | If you [[Ruby on Rails Authentication Cheatsheet|use devise]] to implement authentication in a rails app, you could use [https://github.com/bitzesty/devise_zxcvbn zxcvbn gem] to enforce password complexity. |
| − | + | ||
| + | Install it using: | ||
| + | |||
| + | gem 'devise' | ||
| + | |||
| + | Configure your user model with it: | ||
| + | |||
| + | <syntaxhighlight lang="ruby" line='line'> | ||
| + | class User < ApplicationRecord | ||
| + | devise :database_authenticatable, | ||
| + | # other devise features, then | ||
| + | :zxcvbnable | ||
| + | end | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | And configure the required password complexity: | ||
| + | |||
| + | <syntaxhighlight lang="ruby" line='line'> | ||
| + | # in config/initializers/devise.rb | ||
| + | Devise.setup do |config| | ||
| + | # zxcvbn score for devise | ||
| + | config.min_password_score = 4 # complexity score here. | ||
| + | ... | ||
| + | </syntaxhighlight> | ||
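Review bot: the install line in this hunk names the wrong gem. The prose links "zxcvbn gem" to https://github.com/bitzesty/devise_zxcvbn, but the code that follows "Install it using:" is `gem 'devise'`, which only installs Devise itself and adds no complexity check; it should read `gem 'devise_zxcvbn'` (in the Gemfile, followed by `bundle install`). Two smaller points in the same hunk: the `Devise.setup do |config|` block is left unclosed (`...` with no `end`), so it cannot be pasted as-is, and the comment `# complexity score here.` should say what scale the value uses (zxcvbn scores are integers from 0 to 4, so `4` is the strictest possible setting) so that readers can choose a threshold deliberately.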
Latest revision as of 14:51, 28 February 2018
Enforcing password complexity in a web application is an essential step when preventing password attacks.
If you use Devise to implement authentication in a Rails app, you can use the devise_zxcvbn gem (https://github.com/bitzesty/devise_zxcvbn) to enforce password complexity.
Install it using:
<syntaxhighlight lang="ruby">
# Gemfile
gem 'devise_zxcvbn'
</syntaxhighlight>
Configure your user model with it:
<syntaxhighlight lang="ruby">
class User < ApplicationRecord
  devise :database_authenticatable,
         # other devise features, then
         :zxcvbnable
end
</syntaxhighlight>
And configure the required password complexity:
<syntaxhighlight lang="ruby">
# in config/initializers/devise.rb
Devise.setup do |config|
  # zxcvbn score for devise: an integer from 0 (weakest) to 4 (strongest);
  # passwords that score below this value are rejected
  config.min_password_score = 4 # complexity score here.
  # ... other Devise settings
end
</syntaxhighlight>
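An added, runnable sketch (not code from the OWASP page or from the devise_zxcvbn project) of what the :zxcvbnable declaration and config.min_password_score amount to at validation time: account attributes are handed to the strength estimator as weak words, and a password scoring below the minimum is rejected. The GuessEstimator class is a crude stand-in for the real zxcvbn library (only its score bands are zxcvbn's); the User class, its weak_words method, and the constructed sample passwords are assumptions made for this illustration.

```ruby
# Crude stand-in for zxcvbn (the estimator devise_zxcvbn calls): only the
# guess-to-score bands are zxcvbn's real ones; the guess model itself is a toy.
class GuessEstimator
  # zxcvbn: guesses < 1e3 -> 0, < 1e6 -> 1, < 1e8 -> 2, < 1e10 -> 3, else 4
  BANDS = [1e3, 1e6, 1e8, 1e10].freeze
  COMMON_WORDS = %w[password qwerty letmein welcome admin].freeze # constructed sample list
  # user_inputs: strings tied to the account (email, name) that count as weak words
  def initialize(user_inputs)
    @dictionary = (COMMON_WORDS + user_inputs).map(&:downcase).select { |w| w.size >= 3 }.uniq
  end
  def score(password)
    BANDS.index { |limit| guesses(password) < limit } || 4
  end
  # A dictionary or user-input word found inside the password costs the attacker only
  # @dictionary.size guesses; the characters left over are costed as plain brute force.
  def guesses(password)
    rest = password.dup
    total = 1.0
    @dictionary.sort_by { |w| -w.size }.each do |word|
      pattern = /#{Regexp.escape(word)}/i
      next unless rest.match?(pattern)
      rest = rest.sub(pattern, '')
      total *= @dictionary.size
    end
    total * charset_size(rest)**rest.size
  end
  def charset_size(str)
    [[/[a-z]/, 26], [/[A-Z]/, 26], [/\d/, 10], [/[^a-zA-Z0-9]/, 33]].sum { |re, n| str.match?(re) ? n : 0 }
  end
end

# Plain-Ruby sketch of the validation that :zxcvbnable adds to a Devise model (assumed shape).
class User
  MIN_PASSWORD_SCORE = 4 # plays the role of config.min_password_score in devise.rb
  attr_reader :email, :name, :password
  def initialize(email:, name:, password:)
    @email, @name, @password = email, name, password
  end
  # Account data an attacker already knows; handed to the estimator as weak words.
  def weak_words
    [email.split('@').first, name].flat_map { |s| s.split(/[^[:alnum:]]+/) }
  end
  def password_score
    GuessEstimator.new(weak_words).score(password)
  end
  def valid?
    password_score >= MIN_PASSWORD_SCORE
  end
end
```

With MIN_PASSWORD_SCORE set to 4, a password built from the user's own name and a year scores 3 and is rejected, while a long passphrase that contains no dictionary or account word passes.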