This is a scenario that is true to me and it is leading me to take the decision to not upgrade to Cake3 at this moment.
I have 2 applications and one has to communicate with another. One application has been fully built with the latest stable version of cake 2 and the new application, that is on legacy code, was going to be using cake 3 so we could benefit of all of the new perks. Unfortunately with the removal of the cipherseed and the cipher functions a password that was generated in cake2 now can't be used in cake3. Example of password encryption results using CakePHP 2.6 and CakePHP 3 password = changeme Salt and Cipherseed where kept the same among both versions. CakePHP 2.6 HashClass = Simple HashType = SHA256 Encryption result = *cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43* CakePHP 3 HashClass = Weak HashType = SHA256 Encryption result = *c88333b093105e07acff5b19be6fbaf51e6482b1* I had asked this on twitter before and the response that I got was that there would be backwards compatibility if you were using Simple password hasher in CakePHP 2.6 and upgraded it to CakePHP 3 so I wouldn't need to change all my users passwords through the database or force them to reset their password. Based on the result above I don't see how I can use the same password system from Cake 2 to Cake 3 and it also doesn't seem like it is using the hashType set on config. Is there anything I'm missing here. Can anyone help? I need to decide really quick if I will move forth with Cake 3 or keep development with Cake 2. Thanks in advance. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.