Tales From the Bcrypt

Amana
May 24, 2021

If you know, you know.

But seriously, the Bcrypt gem is absolutely wonderful when you’re working with Ruby.

The purpose of the Bcrypt gem is to “salt” passwords, or more simply put, encrypt them so that even you, the developer, have no access to a user’s password. This will also protect your users’ information from hackers. When I first used the gem, it was great to realize that I am really the one responsible for remembering my own passwords. I’m still working on the remembering part.

To get started with the gem, you first need to install it. You can do that with

gem install bcrypt

or by adding it to your Gemfile,

gem 'bcrypt'

and running ‘bundle install’.

Once you have the Bcrypt gem and all its dependencies installed, your application has been opened to a world of additional methods to aid you in your application development.

The first place you’ll want to make use of Bcrypt is in your user database. To do so, you’ll want to make sure that you set up your “password” attribute to be ‘password_digest’ and not just ‘password’. It will still be a string, and everywhere else your application needs access to it, you can simply call ‘password’. With this line, you are making sure your database knows to salt the password like we want.

The next step is to ensure your models have a Bcrypt method within them. That method will be ‘has_secure_password’. This method will allow for authentication within your app plus a few validations. Authentication, again, is simply “you are who you say you are”. Some validations that it automatically provides will be the requirement of password presence when created, as well as a maximum length for the password.

It’s important to remember that Bcrypt is by no means the solution to all your security concerns. However, when using Ruby, it is a great additional step that I recommend you take. These are only a few things it can do, but as you may know, Ruby magic is almost never-ending, so be sure to read the documentation for even more on the Bcrypt gem.
