Posted 4 months ago. Visible to the public.

Best Practice: Creating User Accounts Without Sending the Password

In applications without a sign-up, user accounts are usually created by an admin. This imposes two challenges:

  • How to transmit the password securely and
  • How to make the user change the initial password immediately

There is a simple solution: create the account with a secret password, then ask the user to use the password reset with his user name.

Does your version of Ruby on Rails still receive security updates?
Rails LTS provides security patches for old versions of Ruby on Rails (3.2 and 2.3).

Owner of this card:

Avatar
Dominik Schöler
Last edit:
4 months ago
by Dominik Schöler
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Dominik Schöler to makandra dev
This website uses cookies to improve usability and analyze traffic.
Accept or learn more