On 10/08/06, Brandon Black <[EMAIL PROTECTED]> wrote:
> On 8/10/06, Christopher H. Laco <[EMAIL PROTECTED]> wrote:
> > Jonas wrote:
> > > Hi,
> > > I'm trying to store a hashed password in a database using DBIC. What
> > > is the best way to create the digest of the password?
> > > I tried with deflate, but deflate only runs when the argument is a
> > > reference.
> > > Then I tried with an HTML::Widget Filter but the filter runs before
> > > the constraints, so the password failed to match with the confirm
> > > field.
> > > Is there any other way of doing this without explicitly making the
> > > hash in the insert and update methods?
> > >
> > > Thanks,
> > > --Jonas
> >
> > http://search.cpan.org/dist/DBIx-Class-DigestColumns/
>
> Also, you could use something like:
>
> http://pajhome.org.uk/crypt/md5/sha1src.html
>
> And do your hashing in JavaScript in the browser. Basically you want to
> hook onClick/onSubmit/whatever for your login form, and hash the contents of
> the passwd field before doing the actual submission, using a JavaScript sha1
> (or other algorithm of your choosing).
>
> It's much safer from a security standpoint to hash at the browser, as this
> prevents the user's cleartext password from being sent over the wire at all,
> and keeps your code/logs/employees from ever having a chance at knowledge of
> the actual password.
>
> -- Brandon

Thanks Brandon, maybe I'll go that way in the future. :)
--Jonas

_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
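
The exchange discussed in this thread, as an added example that is not code from any of the posters: the form hook hashes the passwd field before submission, and the server stores a salted scrypt digest of whatever it receives, since the submitted value is what authenticates. Node's crypto module stands in for the browser SHA-1 script linked above; the function names, the form object and the sample password are hypothetical.

```javascript
// Added example; Node's crypto stands in for a browser SHA-1 library.
const { createHash, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Browser side: the digest the submit hook writes into the passwd field.
function clientDigest(password) {
  return createHash('sha1').update(password, 'utf8').digest('hex');
}

// Simulated onSubmit hook: replace the field value before the form is sent.
function onSubmit(form) {
  return { ...form, passwd: clientDigest(form.passwd) }; // what goes over the wire
}

// Server side: the submitted digest is the credential, so it is stored
// only as a salted scrypt hash, never as received.
function makeRecord(wireValue) {
  const salt = randomBytes(16);
  const hash = scryptSync(wireValue, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function verify(wireValue, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = scryptSync(wireValue, salt, expected.length);
  return timingSafeEqual(actual, expected);
}

// Constructed sample run: sign-up, a correct login and a wrong login.
function demo() {
  const signup = onSubmit({ user: 'jonas', passwd: 'correct horse' });
  const record = makeRecord(signup.passwd);
  const login = onSubmit({ user: 'jonas', passwd: 'correct horse' });
  const wrong = onSubmit({ user: 'jonas', passwd: 'wrong horse' });
  return {
    wire: signup.passwd,
    stored: record,
    loginOk: verify(login.passwd, record),
    wrongOk: verify(wrong.passwd, record),
  };
}
```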
