Re: Change Auth component will solve hash without salt?

Wed, 10 Sep 2008 00:40:26 -0700 

Why do you need to set Security::setHash('sha1') in beforeFilter() function
?

CakePHP use sha1 as default encryption.

Meanwhile, you can use this In login form :

$this->Auth->password($this->data['User']['password']) <-- automatically
using sha1 with salt.


But if you want CakePHP use no .salt. at all, edit : app/config/core.php

Just comment the following line :

//Configure::write('Security.salt',
'78bc27f1b49f17f5c3392e728f789bad78dbeb77');

Okto.Silaban.Net

On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]> wrote:

> I have some users table with 2 value , email and password (hash with sha1).
> Then i using auth component to make login form.
> To make sure, that auth will using sha1 when hashing password, i'm using :
> Security::setHash('sha1'); in beforeFilter().
>
> Problem happen when Auth hashing password from password input form.
> Auth hashing password from input form with sha1 + security.salt. (not pure
> sha1).
> It's make different value between password input form and value in password
> table's with same words,
> example, clean password is "test".
> hashing output "test" from Auth is different with sha1 hashing in password
> table.
>
> Make clean value on security.salt will be one bad solution.
> Cause cakePHP using security.salt not only on Auth, but encrypt cookies
> too.
>
> Then, i try edit cake/libs/controller/components/auth.php.
> .........
> /**
>  * Hash a password with the application's salt value (as defined with
> Configure::write('Security.salt');
>  *
>  * @param string $password Password to hash
>  * @return string Hashed password
>  * @access public
>  */
>     function password($password) {
>         return Security::hash($password, null, true); <--- i change this
> with false
>     }
> /**
> .............
>
> Problem solved. But still doubt about it.
> There are another way to make Auth hashing without security.salt ?
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to