I know (now) that there is a plan to deprecate the use of encrypted_password as a field name, but I only learned that because I panicked after installing Devise in a new Rails app. Then, I spent some time digging through the code to verify that Devise is using BCrypt by default and git blaming old commits to figure out why the field has the name it does.
I bet (hope!) I am not the only one who sees this field and wonders in horror about what Devise is doing under the hood, and others may not be as successful as myself in tracking down the answer. Would a pull request be accepted that described the reason & clarified that hashing is actually happening?
@joshjordan that's a nice idea. What do you have in mind about how to document the reasoning?
I would probably add a note to the readme after the installation migration that gives the message "You may notice that we're using a password field entitled encrypted_password. Don't panic! We are, of course, hashing passwords using Bcrypt (by default). This field is named this way for legacy reasons and will be deprecated, and later changed, in future versions. See for more details".
Something along those lines. Thoughts?
@joshjordan :+1: for a README.md update for this.
@joshjordan Any news on this issue?
We used Devise for a new project today; this scared the crap out of us too until we did some digging. This is worth a breaking change IMHO.
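
As an added example (not part of this thread and not Devise's own code), here is a standard-library Ruby check that classifies values from an `encrypted_password` column by shape, so the bcrypt `$2a$cost$salt+digest` layout can be confirmed directly. The function names, the `min_cost` threshold and the sample rows are assumptions constructed for illustration.

```ruby
# Added example: classify values found in an encrypted_password column by shape.
# Standard library only; the sample rows are constructed, not real digests.

# bcrypt modular crypt format: $<version>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

# Hex lengths of common raw digests, used only to label non-bcrypt values.
HEX_DIGEST_LENGTHS = { 32 => "MD5", 40 => "SHA-1", 64 => "SHA-256", 128 => "SHA-512" }.freeze

def classify_password_value(value)
  value = value.to_s
  if (m = BCRYPT_RE.match(value))
    { scheme: :bcrypt, version: m[1], cost: m[2].to_i }
  elsif value.match?(/\A\h+\z/) && HEX_DIGEST_LENGTHS.key?(value.length)
    { scheme: :hex_digest, guess: HEX_DIGEST_LENGTHS[value.length] }
  elsif value.empty?
    { scheme: :empty }
  else
    { scheme: :unknown }
  end
end

# Returns [id, reason] for every row that is not bcrypt at or above min_cost.
# min_cost is an assumed policy value for this example, not a Devise setting.
def audit_rows(rows, min_cost: 10)
  rows.each_with_object([]) do |(id, value), findings|
    info = classify_password_value(value)
    if info[:scheme] != :bcrypt
      findings << [id, "not bcrypt (#{info[:scheme]})"]
    elsif info[:cost] < min_cost
      findings << [id, "bcrypt cost #{info[:cost]} below #{min_cost}"]
    end
  end
end

# Constructed rows: [user id, column value]. Shapes only, not real hashes.
SAMPLE_ROWS = [
  [1, '$2a$12$' + 'abcdefghijklmnopqrstuv' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234'],
  [2, '$2a$04$' + 'abcdefghijklmnopqrstuv' + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234'],
  [3, 'a' * 40],
  [4, 'hunter2']
].freeze

audit_rows(SAMPLE_ROWS).each { |id, reason| puts "user #{id}: #{reason}" }
```
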