latest work towards the secure_compare tutorial

cktricky
2013-08-18 20:10:36 -04:00
parent 3c7a3fc9e4
commit bc74edf28d
2 changed files with 6 additions and 4 deletions
+1 -1
@@ -37,7 +37,7 @@ class User < ActiveRecord::Base
=begin
# More secure version, still lacking a decent hashing routine, this is for timing attack prevention
def self.authenticate(email, password)
user = find_by_email(email) || User.new(:password => '')
user = find_by_email(email) || User.new(:password => "")
if Rack::Utils.secure_compare(user.password, Digest::MD5.hexdigest(password))
return user
else
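Review bot: The empty-string placeholder in `User.new(:password => "")` undercuts the timing protection this block is meant to demonstrate, because Rack::Utils.secure_compare returns early when its two arguments differ in length, and an empty string can never match the length of a 32-character MD5 hex digest. Assuming `user.password` holds such a digest for real accounts, the unknown-email path skips the byte-by-byte comparison that the known-email path runs. A placeholder of the same length, e.g. `User.new(:password => SecureRandom.hex(16))`, keeps both paths on the same comparison, and the success branch should also require `user.persisted?` so the placeholder record can never be returned. The method sits inside a `=begin` block and its body continues past the end of the hunk.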