Will that re-hash the MD5'ed password field when editing and then saving again?
I do this at the moment: In model: function beforeSave() { $password = isset($this->data['User']['password'])?$this->data['User'] ['password']:""; if (!preg_match(VALID_MD5,$password) { $this->data['User']['password'] = md5($this->data['User'] ['password']); } return true; } In bootstrap: define('VALID_MD5','/^[a-fA-F0-9]{32}$/i'); On Mar 19, 6:40 am, "Mariano Iglesias" <[EMAIL PROTECTED]> wrote: > Sure, use the beforeSave and beforeFind on the model side. > > class User extends AppModel { > // ... > function beforeSave() { > > if (isset($this->data[$this->name]['password'])) { > $this->data[$this->name]['password'] = > md5($this->data[$this->name]['password']); > } > > return parent::beforeSave(); > } > > function beforeFind($queryData) { > if (isset($queryData[$this->name]['password'])) { > $queryData[$this->name]['password'] = > md5($this->data[$this->name]['password']); > } > > return $queryData; > } > > } > > This way when from your controller you are saving the model having the > password field set, it will automatically hash it: > > $data = array( > 'User' => array('user' => 'mariano', 'password' => 'password') > ); > > $this->User->save($data); > > The same way when you are looking for a record if you set the password field > as part of the data to be searched for, it will hash it: > > $conditions = array( > 'User' => array('user' => 'mariano', 'password' => 'password') > ); > > $result = $this->User->find($conditions); > > -MI > > --------------------------------------------------------------------------- > > Remember, smart coders answer ten questions for every question they ask. > So be smart, be cool, and share your knowledge. > > BAKE ON! > > blog:http://www.MarianoIglesias.com.ar > > -----Mensaje original----- > De: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] En nombre > de billybob > Enviado el: Domingo, 18 de Marzo de 2007 02:12 p.m. > Para: Cake PHP > Asunto: saving sensitive data with md5 > > I'm using cake's MVC approach which works really great. I like the > ability to use the MVC and save from the controller; it makes things > nice and is very easy. I did run into a problem which I can't figure > out, however. Let's say I want to save sensitive information like a > password in the database. Currently, it appears cake will only let > you save in clear text (won't let you hash) in the default MVC > approach. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---