SecureRandom -- Stop writing your own random number and string generators - Momoro Machine

back

SecureRandom -- Stop writing your own random number and string generators

Stop writing your own random string generators. Rails does this for you.

In many code bases I’ll see something like this:



require 'digest/sha1'

def generate_temporary_password
    self.password = Digest::SHA1.hexdigest(Time.now.to_s.split(//).sort_by{rand}.join)
end

This is gratuitous, since Ruby 1.9 and Ruby 1.8 with ActiveSupport give this to you for free. For the specifics, see this commit by Hongli.

Outside of Rails, you can use it like this:


>> require 'active_support/secure_random'
=> true
>> ActiveSupport::SecureRandom.hex(10)
=> "8a2cf0a838e64f6f85d1"
>> ActiveSupport::SecureRandom.base64(10)
=> "fUL81hGd77YyGg=="

Inside of Rails, you can use it like this:

1	SecureRandom.hex(10)

September 22, 2009

Real-time Web Analytics by Mixpanel

Recently,

access control allow origin localhost 3000 Ruby debugger rc file Hack the planet Websql vs indexeddb left outer joins in rails/arel and left outer joins with where pg_bulkload notes Communicate in real time with the people around you Reduce choices and friction Seed vs production data Execution Clear apparently stores passwords in the clear and all of their customer service reps can access them Why most e-mail marketing fails How to be the coder responsible for a medium-sized web product Focus on the unknown Project search vs My kitchen On partials Skip test and development gem environments on Heroku Mongoid's delete_all is way too epic Using SSL in Rails 3 Manager-driven-development Bundle install without test or development Database Cleaning with Cucumber, Machinist 2, Rails 3, DatabaseCleaner, Mysql2 and Mongoid Questions to ask oneself Recursively grep files for a string and show line numbers Sending mail from the command line in linux Mac Vim Speed Tips Rails 3 Cucumber / Machinist Tutorial: Machinist with Cucumber in 10 minutes Getting started with Chef tutorial Learning how to run a startup from Clear's horrible customer service Deleting messages to a specific recipient from the postfix queue Communicating with the Boss: Yes/No, Multiple Choice Cleaning e-mails from the console Using debugger in Rails 3 Using mongrel in development mode for Rails 3 How to turn ideas into worthwhile features How Jason Fried avoids feature bloat The solution to almost every hard bug when using cucumber I'm hiring A rather sad Rails commit Recruit virtual mentors Are you living in a cave? Rails Star Ratings Plugin Comparison Ideas vs Features Decisions, motivation, and commitment Revisiting the hidden cost of features Avoid test specific code The least you should know about S3 with Rails Journalists should stop typing "real time" and "cloud" Ruby Gotcha: Precedence of array insertion and or operators A few notes from a technical perspective Setting up Amazon RDS for Heroku / Rails solution to fix issue where heroku doesn't serve css, images and static files CSS Rant - 1 year later Ruby: Check if two arrays have any elements in common Ted Dziuba When to use Object#try SecureRandom -- Stop writing your own random number and string generators Mysql count the number of rows returned Keeping controllers empty with faux attributes OT: How not to get rails consulting jobs set passenger RailsMaxPoolSize / PassengerMaxPoolSize to actually work + how many instances of passenger to have for rails Mysql count the number of rows returned with group by or having 3 bugs that will screw you 4 steps to a cleaner rails view No Notes on lean design How to not fail in front of 43,000 people: The importance of following up Warning Explanation: actionpack-2.3.2/lib/action_controller/record_identifier.rb:76: warning: Object#id will be deprecated; use Object#object_id Basics: Why every rails dev should track 404 pages Links on my mind this weekend Page flow optimization worksheet Quickly export a table to CSV in the rails console with FasterCSV Non-shared learning is pointless Everything breaks The random person test When to use .nil? in Ruby methods When to use self in Rails models Eric Ries and Steve Blank 8 tips for testing Rails apps with Cucumber Debugging Rails 2.3.2 Apps with Rack::Bug How to Fix Authlogic can't logout issue New Github v2 API Summary The Project Management tool trap Analytics tip: What did they do after they paid? How to keep up with Ruby: 8 people to follow on Github Customer driven iteration vs Whiteboard driven iteration Quotes: A faster way to write Ruby IRB tip: Try again faster More on data driven design Data driven design Belated april fools Using Wikipedia and Ruby to make timelines Github tip: Proxen 2-minute Ruby Refactoring: Use local variables (sometimes) 2 Tips for Rails view formatting How to end the webrat popups 3 questions for conversion rate love How can you make it moot? 3 ways to end the discussion Ruby IRB tip, load files faster Testing picture / file uploads with webrat and cucumber How to know when your ui is using the right dsl Bash aliases for ruby / rails / cucumber developers Install rails plugin from git repo with branch Newspaper articles are communities Github Tuesday ActiveRecord + sqlite + in memory db + without rails What's coming on Github: 5 Projects to watch Easily receive pop e-mail in rails Clarity: A reminder Startup tip: Skip e-mail and chat That fwooom feeling Model#each in rails 2.3 rc2 What I'm watching on github Painless slicehost rails deployment with the slicehost gem Rails Cucumber / Machinist Tutorial: Machinist with Cucumber in 10 minutes Instance Eval tutorial And behold there were 4 plugins! Safari: bummer NYT: Putting a Bolder Face on Google Keyword search in the safari address bar Checking for infinity and NaN in ruby checking for magick/MagickCore.h... no `annotate': unable to read font `/System/Library/Fonts/Times.dfont' @ annotate.c/RenderFreetype/1315: `(null)' (Magick::ImageMagickError) Ruby Splat: Definitive example set in 1.8.6 and 1.9.1 (Aka ruby star, ruby unarray, ruby explode array) A little less hokus pokus The joy of not programming by coincidence Safari 4 auto caches Ruby DSL - Part 3: summary How to write a clean Ruby DSL - Part 2: Learning from Machinist How to write a clean Ruby DSL - Part I: Why? Rails 2.3 unitialized constant ActionController::Caching::Sweeper Authlogic::Session::NotActivated (You must activate the Authlogic::Session::Base.controller with a controller object before creating objects) Ditching Firefox for a bit Rails 2.3 authentication comparison CSS Rant -- 5 tips for rails developer sanity Concept to customers: go go go -- 10 steps to svelte development Rails wtf 4 rules for interface copy writing RMM lol When to use a bang (exclamation point) after Rails methods Ruby beginner tip: 2 key ways to write better methods Fixture drama - in case you missed it Vim folks: Use bash's vi mode Use rails debugger ! A tutorial Ruby tip: Return early Obama uses jquery And his trails do not fade Ruby each_cons Ruby Detect Enumerable (AKA Ruby Find enumerable) invalid geometry format (geometry.rb:36:in `from_s') attachment fu 20 minutes to setup production rails / Installing gems with ruby enterprise Too much rails? Sans Serif vs Serif tip for writing better web app copy A startup dilemma: mind the gaps? Runaway ruby process uses 100% cpu Using decision trees to predict paying users in Ruby RSpec continues to dominate Using stale? with rails to return 304 not modified "I don't use spreadsheets" Rspec domination Rails each_with_object vs inject Current Project: Translating Collective Intelligence code to Ruby Why setting the default value of a Hash to be a Hash is wrong Lol Fun With Machine Learning gsl with ruby on leopard Fortan on leopard backup / restore database Use mysqldump and mysqladmin with leopard Scheme vs Ruby Ignore stuff in svn Use memoize and to_param for easy rails permalinks How to use link_to object in Rails sql validations Cucumber and E-mail (Testing email in cucumber) Rails 2.3 and RSpec Rails 2.3 Tests ( undefined method use_transactional_fixtures= ) rails sitewide flash notice / success etc you.github.com Github subdomains Generate Rails diagrams with RailRoad Comment in Rubinius implementation of array * (multiply) method Enumerable#all in Ruby D2H: Legacy Jermemy Kemper on how to speed up Rails apps Need to validate a bunch of objects at once? Ruby Quiz One Liners neeraj.name is an awesome blog Cool Trick for ActiveSupport StringInquirer in Rails 2.2, Part II Rails 2.2 String Inquirer caveat ( ActiveSupport::StringInquirer ), Part I !! (The double bang / double not) in Ruby and vs && (double ampersand) in Ruby How delegate works in Rails, Part II How delegate works in Rails, Part I

github