In the Devise Rails gem, what is the difference between these two?
I have seen the :encrypted_password field in the generated schema but not the :password field.
Any explanations if these two are interconnected with each other?
Devise::Models::DatabaseAuthenticatable has a setter for that:

    def password=(new_password)
      @password = new_password
      self.encrypted_password = password_digest(@password) if @password.present?
    end

So you should set the password as if there was a password field, devise will take care of encrypting it.
As @spickermann already pointed out - plain text password should never be stored anywhere and should be filtered out from logs/error messages and so on, because this produces a huge security risk: the encrypted password leak is not totally harmless, but not that dangerous.
password is the plain text the user set as his password (and plain text password should never be stored anywhere). encrypted_password is the encrypted version of this password.
You might want to read SecurePassword.
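
The relationship described in the answers above, as an added example that is not part of the original posts and is not Devise's code: a virtual password attribute whose setter persists only a salted digest, plus a log filter for the plaintext key. DemoUser, to_row and filter_params are hypothetical names, and PBKDF2 from Ruby's standard library is swapped in for Devise's own digest (bcrypt) so the block runs without gems.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a Devise model; not Devise's code.
class DemoUser
  ITERATIONS = 100_000 # constructed work factor for this demo

  attr_reader :password             # virtual: lives in memory only
  attr_accessor :encrypted_password # the only value that maps to a column

  # Same shape as the setter quoted above: keep the plaintext in an
  # instance variable and persist only its salted digest.
  def password=(new_password)
    @password = new_password
    return if new_password.nil? || new_password.empty?
    salt = SecureRandom.hex(16)
    self.encrypted_password = "#{salt}$#{digest(new_password, salt)}"
  end

  # Re-derive the digest from the candidate and compare in constant time.
  def valid_password?(candidate)
    salt, stored = encrypted_password.to_s.split("$", 2)
    return false if stored.nil? || candidate.nil?
    OpenSSL.secure_compare(stored, digest(candidate, salt))
  end

  # What a persistence layer would write: there is no :password key.
  def to_row
    { encrypted_password: encrypted_password }
  end

  private

  def digest(plain, salt)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256").unpack1("H*")
  end
end

# Log-side counterpart: mask password-like keys before params are written out.
def filter_params(params, keys = %w[password password_confirmation])
  params.to_h { |k, v| [k, keys.include?(k.to_s) ? "[FILTERED]" : v] }
end
```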