Re: [symfony-users] Setting up a firewall with http_basic and stateless security

[Καρακούσης Απόστολος]

On Jun 17, 2011, at 10:20 AM, Christophe COEVOET wrote:

> Le 17/06/2011 02:16, Apostolos Karakoussis a écrit :
>> I am having trouble setting up a firewall. I am using beta4 so far.
>> ....

>> which basically tells to use hashing with sha1, without encoding as
>> base64 on the database. Since the whole procedure requires a salt, now
>> the function getSalt *SHOULD* be used so the final stored password in
>> the database should be "password123". I moddified the database record
>> to store the password as
>> "cbfdac6008f9cab4083784cbd1874f76618d2a97" (which is what I get using
>> hash('sha1', 'password123');
> The salt is not simply concatenated. You should use the encoder to encode the 
> password to be sure to have the same encoded password than when checking it.
> 
> Btw, the salt is also used when using plaintext
>> Now when I try to authenticate using the password 'password' I *STILL*
>> get the error:
>> 
>> [code]
>> Authentication request failed: The presented password is invalid.
>> [/code]
>> 
>> which is getting me to a dead end...
>> 
>> 
>> What am I doing wrong? How can I solve this?
>> 
Yes I figured it out in the end. The salt was added as "password{salt}" by the 
encoder.


> 
> 
> -- 
> Christophe | Stof
> 
> -- 
> If you want to report a vulnerability issue on symfony, please send it to 
> security at symfony-project.com
> 
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en