I think Ayende has a post on his blog about using an IUserType Implementation to store/retrieve hashed passwords.
On Oct 13, 5:52 am, Oskar Berggren <[email protected]> wrote: > One way to do it: > > My user has a property EncryptedPassword, which is usually a hash. > Probably public get, but private set. This is mapped to DB. > > There is a separate function User.SetPassword(string > cleartextPassword), which does the hashing and updates > EncryptedPassword. Cleartext is not stored in the User object. And > remember to use a salt. > > There is also a separate function bool User.VerifyPassword(string > cleartextPassword). > > This will keep the knowledge of the used hashing algorithm within the > User object, where it belongs IMHO. > > /Oskar > > 2009/10/13 Maxus <[email protected]>: > > > > > Hi People, > > > I have business reqirement to hash the users passwords for security. > > Whats the best way to achive that using nhibernate? Ideally I wanted > > to use the set method on the password property, but due to the use of > > DTOs this would be set everytime the entity went out and came back in > > which would rehash the already hashed value. I tried using a trigger, > > but nhibernate doesn't refetch the password after the trigger has > > hashed the value. > > > Any ideas how best to solve this issue? > > > Thanks in advance! > > -Maxus --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
