On 9 Apr 2010, at 02:58, Evan Carroll wrote: > I already patched this with a fix, it is on github and I've linked to > it and posted it on rt. Janus told me he would give me maintenance to > post it on CPAN, and he hasn't followed through yet. It fixes the > problem by permitting you to pull in a non-static salt from the DB.
If you want a non-static salt, wouldn't you just use the 'salted_hash' password type in your config? I'd assume the whole point of the 'hashed' type is that you explictly want a common but hidden salt value regardless of how undesirable that is. As far as I can tell, the whole point of this patch is aimed at the 'hashed' password case only (rather than 'salted_hash'). - Mark _______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
