Hi everyone, I created a web service that currently receives a registration number and a password, runs a SELECT against the database and checks whether the registration and password match; if they do, it shows a few options. At the moment the password is being sent in plain text. I would like to add security to it, either via a hash or some other way...
I would like the application to send "registration":102030, and I want to receive a hash and compare it with the hash in the DB.
Controller
    def index
      student = Student.new
      # Look up the student by the registration and password sent in the request
      return_dados = student.sqlValidatedLogin(params[:registration].to_s, params[:password].to_s)
      render :json => return_dados
    end
Model
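    def sqlValidatedLogin(registration, password)
      conn = ActiveRecord::Base.connection
      # quote() escapes and quotes each value so request input cannot alter the SQL statement
      query_student = "SELECT id, name, registration FROM students WHERE registration = " +
                      conn.quote(registration) + " AND password = " + conn.quote(password)
      conn.execute(query_student)
    end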
Does anyone have any idea how I can avoid sending the password in plain text from the mobile app via JSON?
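
One way to do the hash comparison asked about above, as an added example that is not part of the original post: the server stores a salted PBKDF2 hash instead of the password and recomputes it at login. The in-memory STUDENTS table, the helper names, the sample record and the iteration count are assumptions for illustration, and the request is assumed to travel over HTTPS.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this example; tune for your hardware
KEY_LEN    = 32      # bytes of derived key to store

# Derive a salted PBKDF2-HMAC-SHA256 hash; only this value and the salt are stored.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                             OpenSSL::Digest.new('SHA256'))
end

# Compare two byte strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed stand-in for the students table, keyed by registration.
STUDENTS = {}
# Salt used for unknown registrations so every request does the same work.
DUMMY_SALT = SecureRandom.random_bytes(16)

def register_student(id, name, registration, password)
  salt = SecureRandom.random_bytes(16) # unique per student
  STUDENTS[registration] = { id: id, name: name, registration: registration,
                             salt: salt, password_hash: hash_password(password, salt) }
end

# Returns the student's public fields on success, nil otherwise.
def validated_login(registration, password)
  row = STUDENTS[registration.to_s]
  # Hash even when the registration is unknown, so timing does not reveal which exist.
  salt = row ? row[:salt] : DUMMY_SALT
  candidate = hash_password(password.to_s, salt)
  return nil unless row && secure_equal?(candidate, row[:password_hash])
  { id: row[:id], name: row[:name], registration: row[:registration] }
end

register_student(1, 'Ana', '102030', 'correct horse') # constructed sample record
```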