Carview!

CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 server: nginx date: Fri, 22 Aug 2025 03:36:40 GMT content-type: text/html; charset=utf-8 x-archive-orig-server: nginx/0.6.26 x-archive-orig-date: Mon, 27 Jul 2009 04:56:33 GMT x-archive-orig-connection: close x-archive-orig-status: 200 OK x-archive-orig-x-runtime: 667ms x-archive-orig-etag: "2771664310f7733c58a5bec1f3dac079" x-archive-orig-cache-control: private, max-age=0, must-revalidate x-archive-orig-content-length: 57920 x-archive-guessed-content-type: text/html x-archive-guessed-charset: utf-8 memento-datetime: Mon, 27 Jul 2009 04:56:33 GMT link: ; rel="original", ; rel="timemap"; type="application/link-format", ; rel="timegate", ; rel="first memento"; datetime="Sun, 19 Apr 2009 06:19:28 GMT", ; rel="prev memento"; datetime="Sat, 16 May 2009 06:13:55 GMT", ; rel="memento"; datetime="Mon, 27 Jul 2009 04:56:33 GMT", ; rel="next memento"; datetime="Thu, 06 Aug 2009 06:01:45 GMT", ; rel="last memento"; datetime="Wed, 26 Feb 2025 16:32:29 GMT" content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org x-archive-src: 51_10_20090726174712_crawl103.gpg-c/51_10_20090727045425_crawl101.arc.gz server-timing: captures_list;dur=0.995920, exclusion.robots;dur=0.021406, exclusion.robots.policy;dur=0.012845, esindex;dur=0.009706, cdx.remote;dur=5.810301, LoadShardBlock;dur=233.105470, PetaboxLoader3.datanode;dur=129.343379, PetaboxLoader3.resolve;dur=241.349126, load_resource;dur=173.446937 x-app-server: wwwb-app200 x-ts: 200 x-tr: 502 server-timing: TR;dur=0,Tw;dur=0,Tc;dur=1 set-cookie: wb-p-SERVER=wwwb-app200; path=/ x-location: All x-rl: 0 x-na: 0 x-page-cache: MISS server-timing: MISS x-nid: DigitalOcean referrer-policy: no-referrer-when-downgrade permissions-policy: interest-cohort=() content-encoding: gzip Issues - binarylogic/authlogic - GitHub

binarylogic / authlogic

1600

Description:

A clean, simple, and unobtrusive ruby authentication solution.

Sort by: Priority | Votes | Last Updated

Loading…

13.

0 votes

Testing section link to docs wrong
0 comments Created 21 days ago by adamsalter

Title

Body
Authlogic::TestCase docs in README points to: https://authlogic.rubyforge.org/classes/Authlogic/TestCase.html which is broken. Should point to rdoc.info...
or cancel

Authlogic::TestCase docs in README points to:
https://authlogic.rubyforge.org/classes/Authlogic/TestCase.html
which is broken. Should point to rdoc.info...

Comments

Parsed with GitHub Flavored Markdown
14.

0 votes

Suggested features and/or tutorials
0 comments Created 14 days ago by snoblenet

Title

Body
Love your work. Incredibly useful. Some suggested features and/or tutorials: # Users creates a session before creating their account, and retains their session data through the process. For example, user adds items to shopping cart before creating account, then creates account in order to buy. # System sends confirmation email to user when they create account. User clicks link in confirmation email to complete account registration process. # User edit page asks for old password before allowing user to create new password.
or cancel

Love your work. Incredibly useful.

Some suggested features and/or tutorials:

Users creates a session before creating their account, and retains their session data through the process. For example, user adds items to shopping cart before creating account, then creates account in order to buy.

System sends confirmation email to user when they create account. User clicks link in confirmation email to complete account registration process.

User edit page asks for old password before allowing user to create new password.

Comments

Parsed with GitHub Flavored Markdown
15.

0 votes

Mongomapper
0 comments Created 6 days ago by kless

Title

Body
Does Authlogic could to working with Mongomapper (a wrapper to MongoDB)? https://railstips.org/2009/6/27/mongomapper-the-rad-mongo-wrapper
or cancel

Does Authlogic could to working with Mongomapper (a wrapper to MongoDB)?

https://railstips.org/2009/6/27/mongomapper-the-rad-mongo-wrapper

Comments

Parsed with GitHub Flavored Markdown
16.

0 votes

Fixes on hash and crypto. stuff
2 comments Created 4 days ago by kless

Title

Body
https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L16 ---------------------------------------------------------------- By default SecureRandom [1] uses 16 bytes (which has an entropy of 128 bits [2]), so: SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n") should be: SecureRandom.base64().tr('+/=', '-_ ').rstrip [1] https://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html#M001107 [2] https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt#cl-113 https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L11 ---------------------------------------------------------------- SecureRandom.hex(64) Why do use 64 bytes? It shoulds be SecureRandom.hex() which uses 16 random bytes to return them into a hexadecimal string. Use hash instead of encrypted ---------------------------------------------------------------- Another thing. I've seen that it's used 'encrypted' or 'crypted' to refer to the hashs. An hash is not a cryptographic algorithm, they are both different. Please use 'hash' to refer a SHA and any term related to crypto. to refer to AES.
or cancel

https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L16

By default SecureRandom [1] uses 16 bytes (which has an entropy of 128 bits [2]), so:

SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")

should be:

SecureRandom.base64().tr('+/=', '-_ ').rstrip

[1] https://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html#M001107

[2] https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt#cl-113

https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L11

SecureRandom.hex(64)

Why do use 64 bytes?

It shoulds be

SecureRandom.hex()

which uses 16 random bytes to return them into a hexadecimal string.

Use hash instead of encrypted

Another thing. I've seen that it's used 'encrypted' or 'crypted' to refer to the hashs. An hash is not a cryptographic algorithm, they are both different. Please use 'hash' to refer a SHA and any term related to crypto. to refer to AES.

Comments

thedarkone Thu Jul 23 10:10:35 -0700 2009 | link

Hey kless,

I wrote the code in question. Good call with rstrip instead of strip. I also kinda missed that SecureRandom already does .delete("\n"), so that is also redundant. The reason I only use 15 bytes is because I wanted to be fully compatible with the previous ad-hoc implementation that always produced 20 character tokens.

Same thing with hex_token, the original implementation returned 64 bytes (128 characters).

Comment
Hey kless, I wrote the code in question. Good call with `rstrip` instead of `strip`. I also kinda missed that `SecureRandom` already does `.delete("\n")`, so that is also redundant. The reason I only use 15 bytes is because I wanted to be fully compatible with the previous ad-hoc implementation that always produced 20 character tokens. Same thing with `hex_token`, the original implementation returned 64 bytes (128 characters).
or cancel

kless Fri Jul 24 00:27:53 -0700 2009 | link

Hi thedarkone,

thanks for contributing to this great plugin. This is the great thing respect to open software; whatever person to can check the code and make it better. In my case I know anything about security and I'm very strict respect to it.

Today it's very common (and recommended) to use an entropy of 128 bits (16 bytes) which it's used too in the initialization vectors (IV) of criptogaphic algorithms, and I'm sure that it's by that reason because SecureRandom returns 16 bytes by default.

So, at least for me, I think that the security is more important that the compatibility, and in this case I think that the change doesn't hurts.

In the next documents is explained any basic things about criptography and hashes:

https://bitbucket.org/ares/cryha/src/tip/doc/hash.txt
https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt

Greetings!

Comment
Hi thedarkone, thanks for contributing to this great plugin. This is the great thing respect to open software; whatever person to can check the code and make it better. In my case I know anything about security and *I'm very strict respect to it*. Today it's very common (and recommended) to use an entropy of 128 bits (16 bytes) which it's used too in the initialization vectors (IV) of criptogaphic algorithms, and I'm sure that it's by that reason because SecureRandom returns 16 bytes by default. So, at least for me, I think that the security is more important that the compatibility, and in this case I think that the change doesn't hurts. In the next documents is explained any basic things about criptography and hashes: https://bitbucket.org/ares/cryha/src/tip/doc/hash.txt https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt Greetings!
or cancel

Parsed with GitHub Flavored Markdown
17.

1 vote

Store bytes instead of string encoded in hexa./base64
0 comments Created 3 days ago by kless

Title

Body
* The salt is being saved in base64 getting 22 chars but If it's stored as bytes strings it were only 16 chars. The difference is very great when you have 100K o 1M of users. * The same happens with the hashes which are being saved in hexadecimal, althought the difference is a lot of great. Digest::SHA512.hexdigest => 128 chars. instead of Digest::SHA512.digest => 64 chars.
or cancel
- The salt is being saved in base64 getting 22 chars but If it's stored as bytes strings it were only 16 chars. The difference is very great when you have 100K o 1M of users.
- The same happens with the hashes which are being saved in hexadecimal, althought the difference is a lot of great.
Digest::SHA512.hexdigest => 128 chars.

instead of

Digest::SHA512.digest => 64 chars.
Comments

Parsed with GitHub Flavored Markdown
18.

0 votes

SHA-512 is overkill
0 comments Created 3 days ago by kless

Title

Body
*SHA-512* is overkill for a web application. It would be best if it'd use SHA-256 by default but that the developer could change to SHA-384 or SHA-512. In addition with a digest of 512 bytes you get 64 bytes, and with 256 bytes you get 32 chars. Bruce Schneier has said: "I have, and continue to, recommend *SHA-256* for immediate applications, and will probably continue to recommend the algorithm until this process (a new secure hash standard) is completed. *SHA-384* and *SHA-512* are also fine, but overkill for most applications." https://www.schneier.com/blog/archives/2007/02/a_new_secure_ha.html
or cancel

SHA-512 is overkill for a web application. It would be best if it'd use SHA-256 by default but that the developer could change to SHA-384 or SHA-512.

In addition with a digest of 512 bytes you get 64 bytes, and with 256 bytes you get 32 chars.

Bruce Schneier has said: "I have, and continue to, recommend SHA-256 for
immediate applications, and will probably continue to recommend the algorithm
until this process (a new secure hash standard) is completed. SHA-384 and SHA-512 are also fine, but overkill for most applications."

https://www.schneier.com/blog/archives/2007/02/a_new_secure_ha.html

Comments

Parsed with GitHub Flavored Markdown
19.

0 votes

Login authentication encounters an error running Passenger 2.1.2 and Rails 2.3.3
0 comments Created 3 days ago by jdutil

Title

Body
I am not sure if this bug is related to authlogic not being compatible with rails 2.3.3 or not, but I encounter an undefined method 'rewind' for #<TCPSocket> error when attempting to login using authlogic. This only occurs for me when attempting to use Rails 2.3.3. Once I switch back to 2.3.2 everything works fine. Here is a backtrace: Status: 500 Internal Server Error undefined method `rewind' for #<TCPSocket:0x2536630> /Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/request.rb:150:in `POST' /Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/methodoverride.rb:15:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/params_parser.rb:15:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/session/cookie_store.rb:93:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/reloader.rb:29:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/failsafe.rb:26:in `call' /Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call' /Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `synchronize' /Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/dispatcher.rb:106:in `call' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/rack/request_handler.rb:65:in `process_request' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_request_handler.rb:197:in `main_loop' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:340:in `start_request_handler' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:298:in `handle_spawn_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/utils.rb:176:in `safe_fork' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:296:in `handle_spawn_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:149:in `start' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:192:in `start' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:260:in `spawn_rails_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:121:in `lookup_or_add' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:254:in `spawn_rails_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:75:in `synchronize' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:74:in `synchronize' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:148:in `spawn_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:285:in `handle_spawn_application' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously' /Library/Ruby/Gems/1.8/gems/passenger-2.1.2/bin/passenger-spawn-server:50
or cancel
I am not sure if this bug is related to authlogic not being compatible with rails 2.3.3 or not, but I encounter an undefined method 'rewind' for # error when attempting to login using authlogic. This only occurs for me when attempting to use Rails 2.3.3. Once I switch back to 2.3.2 everything works fine. Here is a backtrace:

Status: 500 Internal Server Error undefined method `rewind' for #<TCPSocket:0x2536630>
```
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/request.rb:150:in `POST'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/methodoverride.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/params_parser.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/session/cookie_store.rb:93:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/reloader.rb:29:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/failsafe.rb:26:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `synchronize'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/dispatcher.rb:106:in `call'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/rack/request_handler.rb:65:in `process_request'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_request_handler.rb:197:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:340:in `start_request_handler'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:298:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/utils.rb:176:in `safe_fork'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:296:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:149:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:192:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:260:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:121:in `lookup_or_add'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:254:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:75:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:74:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:148:in `spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:285:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/bin/passenger-spawn-server:50
```
Comments

Parsed with GitHub Flavored Markdown