Good point, I was assuming you would notice and unset() password on an edit (since the only way a user can edit it is by providing the unencrypted form.)
Yours is a good solution *except* when the user enters a 32 character length password consisting of only 0-9, A-F or a-f characters ;) I know, what are the chances, but... Anyhow you could also add a validation (ON the controller side so you can still save a hashed password ;) to avoid user filling in a password with specific md5 rules. -MI --------------------------------------------------------------------------- Remember, smart coders answer ten questions for every question they ask. So be smart, be cool, and share your knowledge. BAKE ON! blog: http://www.MarianoIglesias.com.ar -----Mensaje original----- De: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] En nombre de Daniel.S Enviado el: Lunes, 19 de Marzo de 2007 01:49 a.m. Para: Cake PHP Asunto: Re: saving sensitive data with md5 Will that re-hash the MD5'ed password field when editing and then saving again? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---