Thanks Martin. That helped me solve my problem.

On 9/11/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> There are at least two ways to stop AuthComponent from using the salt.
>
> I think the simple hacky way for you in this case is to alter that one
> line of code in Auth and keep it in your list of "small tweaks I have
> done" (I have one of those).
> Line 811
> return Security::hash($password, null, true);
> should read
> return Security::hash($password, null, false);
>
> You can avoid modifying Auth by assigning the authenticate property to
> an object you have created. Then you can hash any way you like in that
> object. Look at hashPasswords() in Auth. This method delegates the
> hashing to an authenticate object if you have set one.
>
> /Martin
>
>
> On Sep 11, 11:50 am, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
>> Thanks David,
>>
>> I want password in table hashing with sha1 only and without security.salt.
>> in another way, it will make me easy using same table with different
>> framework or CMS.
>> cause sha1 is include on most CMS / framework. Salt? i don't think so.
>>
>> Cookies needed for " remember me " on login form.
>> I need security.salt to hash them and I don't put user password on
>> cookies.
>>
>> I think someone has same problem with me.
>> Just in some case, you want to build some cakephp based site.
>> but, received some user and password data (hashed with sha1) before.
>>
>> how to use this with Auth component...
>>
>> On 9/11/08, David C. Zentgraf <[EMAIL PROTECTED]> wrote:
>>
>> > Not quite sure I understand your particular issue, but why is the
>> > password in your DB "pure" SHA1?
>> > If you're using the Auth component all the way, it will hash the
>> > password including Salt when the user registers, so the only thing
>> > that should go into the db is SHA1(salt.password). And every time the
>> > user logs in, Auth uses the same SHA1(salt.password) for checking.
>>
>> > If of course you got the passwords into the DB in another way, using
>> > only SHA1(password), you'll get conflicting results...
>>
>> > And what do you want to do with cookies?
>>
>> > Chrs,
>> > Dav
>>
>> > On 11 Sep 2008, at 15:36, Yodi Aditya wrote:
>>
>> > > Hey, dude.
>> > > Thanks, that's right sha1 is default hashing in auth component.
>> > > i just convience that using correct hashing sha1 in my controller using
>> > > beforeFilter().
>>
>> > > But,
>> > > I say before, security.salt needed not only for Auth but hashing cookies
>> > > too.
>> > > Disable security.salt is a bad solution.
>>
>> > > I'm login using Auth component, just like this :
>>
>> > > function login() {
>> > >     if ($this->Auth->user()) {
>> > >         if (!empty($this->data)) {
>> > >             $this->redirect($this->Auth->redirect());
>> > >         }
>> > >     }
>> > > }
>>
>> > > user() check username and password automatically.
>> > > When checking password, Auth always hashing using sha1 combine with
>> > > security.salt.
>> > > It's makes different value compare with my password in database that's using
>> > > sha1 only.
>>
>> > > Anyone help?
>>
>> > > On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
>>
>> > >> Why do you need to set Security::setHash('sha1') in beforeFilter() function ?
>>
>> > >> CakePHP use sha1 as default encryption.
>>
>> > >> Meanwhile, you can use this In login form :
>>
>> > >> $this->Auth->password($this->data['User']['password']) <-- automatically
>> > >> using sha1 with salt.
>>
>> > >> But if you want CakePHP use no .salt. at all, edit : app/config/core.php
>>
>> > >> Just comment the following line :
>>
>> > >> //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
>>
>> > >> Okto.Silaban.Net
>>
>> > >> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]> wrote:
>>
>> > >>> I have some users table with 2 value , email and password (hash with
>> > >>> sha1).
>> > >>> Then i using auth component to make login form.
>> > >>> To make sure, that auth will using sha1 when hashing password, i'm using :
>> > >>> Security::setHash('sha1'); in beforeFilter().
>>
>> > >>> Problem happen when Auth hashing password from password input form.
>> > >>> Auth hashing password from input form with sha1 + security.salt. (not pure
>> > >>> sha1).
>> > >>> It's make different value between password input form and value in
>> > >>> password table's with same words,
>> > >>> example, clean password is "test".
>> > >>> hashing output "test" from Auth is different with sha1 hashing in password
>> > >>> table.
>>
>> > >>> Make clean value on security.salt will be one bad solution.
>> > >>> Cause cakePHP using security.salt not only on Auth, but encrypt cookies
>> > >>> too.
>>
>> > >>> Then, i try edit cake/libs/controller/components/auth.php.
>> > >>> .........
>> > >>> /**
>> > >>> * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
>> > >>> *
>> > >>> * @param string $password Password to hash
>> > >>> * @return string Hashed password
>> > >>> * @access public
>> > >>> */
>> > >>> function password($password) {
>> > >>> return Security::hash($password, null, true); <--- i change this with false
>> > >>> }
>> > >>> /**
>> > >>> .............
>>
>> > >>> Problem solved. But still doubt about it.
>> > >>> There are another way to make Auth hashing without security.salt ?
>
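
The second approach Martin describes, delegating hashing to an authenticate object, sketched as an added stand-alone example (not code from the thread or from CakePHP). `MiniAuth`, `LegacySha1Authenticate`, the `SALT` value and the sample form data are hypothetical stand-ins; in a real CakePHP 1.2 controller the object would be assigned to `$this->Auth->authenticate`.

```php
<?php
// Added example: stand-alone sketch, not CakePHP source code.
// MiniAuth is a hypothetical, simplified stand-in for AuthComponent.
const SALT = 'constructed-example-salt'; // stands in for Security.salt

// Default hashing as described in the thread: sha1(salt . password).
function salted_sha1($password) {
    return sha1(SALT . $password);
}

// Hypothetical authenticate object: plain sha1, as in the legacy table.
class LegacySha1Authenticate {
    public function hashPasswords(array $data) {
        if (isset($data['User']['password'])) {
            $data['User']['password'] = sha1($data['User']['password']);
        }
        return $data;
    }
}

class MiniAuth {
    public $authenticate = null;

    public function hashPasswords(array $data) {
        // Delegate when an object providing hashPasswords() is assigned.
        if (is_object($this->authenticate)
            && method_exists($this->authenticate, 'hashPasswords')) {
            return $this->authenticate->hashPasswords($data);
        }
        if (isset($data['User']['password'])) {
            $data['User']['password'] = salted_sha1($data['User']['password']);
        }
        return $data;
    }
}

// Constructed sample row and login form data (password "test").
$stored = sha1('test');
$form = array('User' => array('email' => 'user@example.com', 'password' => 'test'));

$auth = new MiniAuth();
$default = $auth->hashPasswords($form);
echo "default matches stored:  ";
var_dump(hash_equals($stored, $default['User']['password']));

$auth->authenticate = new LegacySha1Authenticate();
$delegated = $auth->hashPasswords($form);
echo "delegate matches stored: ";
var_dump(hash_equals($stored, $delegated['User']['password']));
```

The salt constant is never changed here, so anything else that depends on it keeps working, which is the reason the thread rejects clearing `Security.salt`.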