1
Personal created a web service that today receives a registration and a password, it makes a select in the database and compares see if the registration and password are equal, if yes it shows some options. However at this time the password is being sent in plain text, I would like to implement security in it, either via hash or otherwise...
I would like the application instead of sending registration":102030" want to receive a hash and compare it to the BD hash;
Controler
def index
student = Student.new
return_dados = student.sqlValidatedLogin(params[:registration].to_s,params[:password].to_s)
render :json => return_dados
end
Model
def sqlValidatedLogin(registration,password)
query_student = "SELECT id, name, registration FROM students WHERE registration = "+
registration+" AND password = "+password
ActiveRecord::Base.connection.execute(query_student)
end
Does anyone have any idea how I might not send the password in plain Mobile text via JSON