You can provide custom hash functions/methods to sfDoctrineGuardPlugin. Please have a look there: http://trac.symfony-project.org/browser/plugins/sfDoctrineGuardPlugin/trunk/lib/model/doctrine/PluginsfGuardUser.class.php#L43
Marc On Thu, Jun 24, 2010 at 12:02 AM, Maciej Rumianowski < [email protected]> wrote: > Hi, > > I'm wondering if symfony is going to use new safer hash functions. I'm > using sfGuardPlugin which uses md5 and sha1 (I didn't check it in > Doctrine's). NSA or NIST (I don't know which one) suggested that new > applications (build to be use after 2010) should use SHA-2 or similar. > > As of PHP 5.1.2 I suppose, there is hash() function which has long list > of algorithms to use, shouldn't it be better to use these algos? > > Moreover I read on > > http://laurent.bachelier.name/2010/04/and-i-thought-sfdoctrineguardplugin-was-bad > …/ > that instead rand() mt_rand() should be use. > > Thanks > Maciej Rumianowski > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-devs%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-devs?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
