Ruby on Rails

Emil S. wrote in post #1116233:

> I use email for login , so I do this in the console/database seed file :
>     User.create(email: 'test@test.com', password: 'password123',
> password_confirmation: 'password123')
> Then I log in with the "test@test.com" and "password123"

Personally speaking, I generally dislike the practice of using email
addresses as usernames. Yes, it has a certain convenience. Convenience
will always be in contention with security.

There are a number of reasons for this:

1. If the site gets hacked there is no way to protect email addresses
from exposure. If email addresses are kept separate from the user
account information then it is at least possible to protect them from a
hack against the user login info.

2. If a user changes their email address (or otherwise loses control of
their email account) they have no way to verify themselves in case they
need to reset their password.

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/109f507533ae30c67151c56b115d7a16%40ruby-forum.com.

For more options, visit https://groups.google.com/groups/opt_out.