Thanks David,

I want the passwords in the table hashed with sha1 only, without security.salt.
Put another way, it will make it easy for me to use the same table with a different
framework or CMS,
because sha1 is included in most CMSes / frameworks. Salt? I don't think so.

Cookies are needed for "remember me" on the login form.
I need security.salt to hash them, and I don't put the user password in cookies.

I think someone has the same problem as me.
Just in some cases, you want to build a CakePHP-based site
but received some user and password data (hashed with sha1) before.

How to use this with the Auth component...

On 9/11/08, David C. Zentgraf <[EMAIL PROTECTED]> wrote:

> Not quite sure I understand your particular issue, but why is the
> password in your DB "pure" SHA1?
> If you're using the Auth component all the way, it will hash the
> password including Salt when the user registers, so the only thing
> that should go into the db is SHA1(salt.password). And every time the
> user logs in, Auth uses the same SHA1(salt.password) for checking.
>
> If of course you got the passwords into the DB in another way, using
> only SHA1(password), you'll get conflicting results...
>
> And what do you want to do with cookies?
>
> Chrs,
> Dav
>
>
> On 11 Sep 2008, at 15:36, Yodi Aditya wrote:
>
> > Hey, dude.
> > Thanks, that's right sha1 is default hashing in auth component.
> > i just convience that using correct hashing sha1 in my controller
> > using
> > beforeFilter().
> >
> > But,
> > as I said before, security.salt is needed not only for Auth but for hashing
> > cookies
> > too.
> > Disabling security.salt is a bad solution.
> >
> > I log in using the Auth component, just like this:
> >
> > function login() {
> >     if ($this->Auth->user()) {
> >         if (!empty($this->data)) {
> >             $this->redirect($this->Auth->redirect());
> >         }
> >     }
> > }
> >
> > user() checks the username and password automatically.
> > When checking the password, Auth always hashes using sha1 combined with
> > security.salt.
> > That gives a different value compared with my password in the database,
> > which uses sha1 only.
> >
> > Anyone help?
> >
> >
> >
> > On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
> >>
> >> Why do you need to set Security::setHash('sha1') in the beforeFilter()
> >> function?
> >>
> >> CakePHP uses sha1 as the default encryption.
> >>
> >> Meanwhile, you can use this in the login form:
> >>
> >> $this->Auth->password($this->data['User']['password']) <-- automatically using sha1 with salt.
> >>
> >>
> >> But if you want CakePHP to use no salt at all, edit: app/config/core.php
> >>
> >> Just comment out the following line:
> >>
> >> //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
> >>
> >> Okto.Silaban.Net
> >>
> >> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]>
> >> wrote:
> >>
> >>> I have a users table with 2 values, email and password (hashed with
> >>> sha1).
> >>> Then I use the Auth component to make a login form.
> >>> To make sure that Auth will use sha1 when hashing the password, I'm
> >>> using:
> >>> Security::setHash('sha1'); in beforeFilter().
> >>>
> >>> The problem happens when Auth hashes the password from the password input form.
> >>> Auth hashes the password from the input form with sha1 + security.salt
> >>> (not pure sha1).
> >>> That makes the value from the password input form differ from the value in
> >>> the password table for the same word.
> >>> For example, the clean password is "test".
> >>> The hash of "test" from Auth is different from the sha1 hash in the
> >>> password table.
> >>>
> >>> Clearing the security.salt value would be a bad solution,
> >>> because CakePHP uses security.salt not only in Auth but to encrypt
> >>> cookies too.
> >>>
> >>> Then I tried editing cake/libs/controller/components/auth.php.
> >>> .........
> >>> /**
> >>>  * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
> >>>  *
> >>>  * @param string $password Password to hash
> >>>  * @return string Hashed password
> >>>  * @access public
> >>>  */
> >>>    function password($password) {
> >>>        return Security::hash($password, null, true); // <--- I changed this to false
> >>>    }
> >>> /**
> >>> .............
> >>>
> >>> Problem solved. But I still have doubts about it.
> >>> Is there another way to make Auth hash without security.salt?
> >>>
>
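
An added example (not code from this thread or from CakePHP) of the mismatch discussed above and one way to accept imported SHA1(password) rows while leaving Security.salt set for cookies: check the stored hash against both forms and rewrite a legacy row to SHA1(salt.password) on a successful login. The salt value, the in-memory users array and all function names are constructed for illustration; the salt-prepended form follows David's description.

```php
<?php
// Constructed stand-in for Configure::read('Security.salt').
const SECURITY_SALT = 'constructed-example-salt';

// The form Auth compares against when salting is on: SHA1(salt . password).
function salted_hash(string $password): string
{
    return sha1(SECURITY_SALT . $password);
}

// The form found in the imported table: SHA1(password).
function legacy_hash(string $password): string
{
    return sha1($password);
}

// Returns [ok, upgradedHash]. upgradedHash is non-null only when the stored
// value was a legacy hash that matched and should now be rewritten.
function verify_and_upgrade(string $password, string $stored): array
{
    if (hash_equals($stored, salted_hash($password))) {
        return [true, null];
    }
    if (hash_equals($stored, legacy_hash($password))) {
        return [true, salted_hash($password)];
    }
    return [false, null];
}

// Hypothetical login step working on an array instead of a real users table.
function login(array &$users, string $email, string $password): bool
{
    if (!isset($users[$email])) {
        return false;
    }
    [$ok, $upgraded] = verify_and_upgrade($password, $users[$email]);
    if ($ok && $upgraded !== null) {
        $users[$email] = $upgraded; // migrate the row to the salted form
    }
    return $ok;
}

// Constructed sample data: one row imported with an unsalted hash of "test".
$users = ['user@example.com' => legacy_hash('test')];

var_dump(legacy_hash('test') === salted_hash('test'));                // the mismatch
var_dump(login($users, 'user@example.com', 'test'));                  // legacy row accepted
var_dump($users['user@example.com'] === salted_hash('test'));         // row now salted
var_dump(login($users, 'user@example.com', 'wrong'));                 // bad password
```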
