Sorry to jump into the passionate discussion, I do not see any complex
problem in all this. Just my few cents about this hashing story:

- The Auth component is fine hashing the password automatically; it
defaults to sha1. Now (as mentioned earlier) you can write your own
authenticate object. This object can actually not do any hashing at
all.

- The only little thing to take care of is when you register your
password (i.e., btw, good example on Chris's blog; Chris, I made a comment).
If you use the password field as input, Auth will hash it even if you left
the password empty. Then you can sign in with an empty password. A
validation rule against empty (password) will fail too in such a case.
The solution is to set a rule on the confirm password and make the
check on confirm_password (prior to hashing it).

Do not get me wrong, the Auth is fine and does the job perfectly. Take
care when registering a password, but usually that's done, isn't it?

hth
Franck


On Jan 18, 10:36 pm, nate <[EMAIL PROTECTED]> wrote:
> Right, we make it so you have to use an annoying and silly workaround
> *for a reason*.  Because when it's annoying and silly, you have to
> stop and think about it, because whatever it is you're trying to do is
> probably wrong.  Whatever problem you are trying to solve by accessing
> a plaintext password can probably be solved some other way.  Your
> problem is not original.
>
> You are not special.
> You are not a beautiful and unique snowflake.
> You are the all-singing, all-dancing crap of the earth.
>
> On Jan 18, 3:32 pm, rtconner <[EMAIL PROTECTED]> wrote:
>
> > This particular issue is the framework trying to baby its users.
> > Telling us that we can't implement our own security practices. It's
> > not even that you can turn it off if you don't want it, you just can't
> > turn it off. You literally have to "deal with it" with a little
> > workaround of some sort. Not that it's super hard to work around, but
> > it is a work around. It's just annoying, and silly.. like I said.
>
> > On Jan 18, 1:14 pm, Baz <[EMAIL PROTECTED]> wrote:
>
> > > Now it's comments like this that help me understand why the developers
> > > sometimes get frustrated with this mailing list. This statement serves
> > > absolutely no purpose. It is a blind criticism without any productive
> > > alternative.
>
> > > Frameworks are developed for the mass, not individuals. Meaning, what's
> > > there is going to serve 85% of the people just fine. If you have a _better_
> > > alternative, then please suggest.
>
> > > Otherwise, quit whining. It's not compiled code; it's PHP. If you don't like
> > > it, open up the bloody file and hit the delete key and move on.
> > > --
> > > Baz L
> > > Web Development 2.0 http://WebDevelopment2.com/
>
> > > On Jan 18, 2008 1:31 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
> > > > I'll just say, I love any and all complaints about that auto hashing
> > > > thing. I think it's silly and annoying and shouldn't be part of cake.
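
The empty-password pitfall described in the top message, as an added PHP example that is not part of the thread and is not CakePHP's own code. `SALT`, `autoHash()`, `notEmpty()` and `validateRegistration()` are hypothetical names; the example assumes, as the message describes, that the `password` field is already hashed when validation runs while `confirm_password` is still plaintext.

```php
<?php
// Added illustration in plain PHP; no CakePHP classes are used.
// SALT and all function names are hypothetical stand-ins.
const SALT = 'constructed-example-salt';

// Stand-in for the automatic hashing step (sha1, the default named in
// the thread). Salting is an assumption of this example.
function autoHash(string $plain): string {
    return sha1(SALT . $plain);
}

// A "not empty" rule. Applied to the hashed field it only ever sees a
// 40-character digest, so it cannot tell that the input was empty.
function notEmpty(string $value): bool {
    return trim($value) !== '';
}

// Registration check made on the plaintext confirm_password field,
// before that field is hashed, then compared against the hashed field.
function validateRegistration(array $form): array {
    $errors = [];
    $confirm = $form['confirm_password'] ?? '';
    if (!notEmpty($confirm)) {
        $errors[] = 'Password must not be empty.';
    } elseif (!hash_equals($form['password'] ?? '', autoHash($confirm))) {
        $errors[] = 'Passwords do not match.';
    }
    return $errors;
}

// Constructed form submissions: 'password' has been hashed already,
// 'confirm_password' has not.
$emptySubmission = [
    'password'         => autoHash(''),
    'confirm_password' => '',
];
$validSubmission = [
    'password'         => autoHash('correct horse battery'),
    'confirm_password' => 'correct horse battery',
];

// Rule on the hashed field: the empty password goes unnoticed.
var_dump(notEmpty($emptySubmission['password']));
// Rule on confirm_password: the empty password is rejected.
var_dump(validateRegistration($emptySubmission));
var_dump(validateRegistration($validSubmission));
```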