Thanks Martin. That helped me solve my problem.

On 9/11/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> There are at least two ways to stop AuthComponent from using the salt.
>
> I think the simple hacky way for you in this case is to alter that one
> line of code in Auth and keep it in your list of "small tweaks I have
> done" (I have one of those).
> Line 811
> return Security::hash($password, null, true);
> should read
> return Security::hash($password, null, false);
>
> You can avoid modifying Auth by assigning the authenticate property to
> an object you have created. Then you can hash any way you like in that
> object. Look at hashPasswords() in Auth. This method delegates the
> hashing to an authenticate object if you have set one.
>
> /Martin
>
>
> On Sep 11, 11:50 am, "Yodi Aditya" <[EMAIL PROTECTED]> wrote:
>> Thanks David,
>>
>> I want the password in the table hashed with sha1 only and without security.salt.
>> Put another way, it will make it easy for me to use the same table with a different
>> framework or CMS,
>> because sha1 is included in most CMSes / frameworks. Salt? I don't think so.
>>
>> Cookies are needed for "remember me" on the login form.
>> I need security.salt to hash them, and I don't put the user password in
>> cookies.
>>
>> I think someone else has the same problem as me.
>> In some cases, you want to build a CakePHP-based site
>> but have already received some user and password data (hashed with sha1).
>>
>> How do you use this with the Auth component...
>>
>> On 9/11/08, David C. Zentgraf <[EMAIL PROTECTED]> wrote:
>>
>> > Not quite sure I understand your particular issue, but why is the
>> > password in your DB "pure" SHA1?
>> > If you're using the Auth component all the way, it will hash the
>> > password including Salt when the user registers, so the only thing
>> > that should go into the db is SHA1(salt.password). And every time the
>> > user logs in, Auth uses the same SHA1(salt.password) for checking.
>>
>> > If of course you got the passwords into the DB in another way, using
>> > only SHA1(password), you'll get conflicting results...
>>
>> > And what do you want to do with cookies?
>>
>> > Chrs,
>> > Dav
>>
>> > On 11 Sep 2008, at 15:36, Yodi Aditya wrote:
>>
>> > > Hey, dude.
>> > > Thanks, that's right, sha1 is the default hashing in the Auth component.
>> > > I just wanted to make sure it uses the correct sha1 hashing in my controller,
>> > > using beforeFilter().
>>
>> > > But, as I said before, security.salt is needed not only for Auth but for
>> > > hashing cookies too.
>> > > Disabling security.salt is a bad solution.
>>
>> > > I log in using the Auth component, just like this:
>>
>> > > function login() {
>> > >     if ($this->Auth->user()) {
>> > >         if (!empty($this->data)) {
>> > >             $this->redirect($this->Auth->redirect());
>> > >         }
>> > >     }
>> > > }
>>
>> > > user() checks the username and password automatically.
>> > > When checking the password, Auth always hashes using sha1 combined with
>> > > security.salt.
>> > > That gives a different value compared with my password in the database,
>> > > which uses sha1 only.
>>
>> > > Can anyone help?
>>
>> > > On 9/10/08, Okto Silaban <[EMAIL PROTECTED]> wrote:
>>
>> > >> Why do you need to set Security::setHash('sha1') in the beforeFilter()
>> > >> function?
>>
>> > >> CakePHP uses sha1 as the default encryption.
>>
>> > >> Meanwhile, you can use this in the login form:
>>
>> > >> $this->Auth->password($this->data['User']['password']) <-- automatically
>> > >> uses sha1 with salt.
>>
>> > >> But if you want CakePHP to use no salt at all, edit:
>> > >> app/config/core.php
>>
>> > >> Just comment out the following line:
>>
>> > >> //Configure::write('Security.salt', '78bc27f1b49f17f5c3392e728f789bad78dbeb77');
>>
>> > >> Okto.Silaban.Net
>>
>> > >> On Wed, Sep 10, 2008 at 12:31 AM, Yodi Aditya <[EMAIL PROTECTED]>
>> > >> wrote:
>>
>> > >>> I have a users table with 2 values, email and password (hashed with
>> > >>> sha1).
>> > >>> Then I use the Auth component to make a login form.
>> > >>> To make sure that Auth will use sha1 when hashing the password, I'm
>> > >>> using:
>> > >>> Security::setHash('sha1'); in beforeFilter().
>>
>> > >>> The problem happens when Auth hashes the password from the password input form.
>> > >>> Auth hashes the password from the input form with sha1 + security.salt
>> > >>> (not pure sha1).
>> > >>> That gives different values for the password from the input form and the value in
>> > >>> the password table for the same word.
>> > >>> For example, the clean password is "test".
>> > >>> The hash of "test" output by Auth is different from the sha1 hash in the
>> > >>> password table.
>>
>> > >>> Emptying security.salt would be a bad solution,
>> > >>> because CakePHP uses security.salt not only in Auth, but to encrypt
>> > >>> cookies too.
>>
>> > >>> Then I tried editing cake/libs/controller/components/auth.php.
>> > >>> .........
>> > >>> /**
>> > >>> * Hash a password with the application's salt value (as defined with
>> > >>> * Configure::write('Security.salt');
>> > >>> *
>> > >>> * @param string $password Password to hash
>> > >>> * @return string Hashed password
>> > >>> * @access public
>> > >>> */
>> > >>>    function password($password) {
>> > >>>        return Security::hash($password, null, true); // <--- I changed this to false
>> > >>>    }
>> > >>> /**
>> > >>> .............
>>
>> > >>> Problem solved. But I still have doubts about it.
>> > >>> Is there another way to make Auth hash without security.salt?
> >
>
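
The second approach Martin describes (an object assigned to Auth's authenticate property, so that hashPasswords() delegates to it) could look like the following. This is an added example, not code from the thread or from CakePHP itself; the class name LegacySha1Authenticate, the model alias 'User' and the field names are assumptions taken from the users table described in the thread.

```php
<?php
// Added example (not from the thread or from CakePHP).
// Assumptions: the class name, the model alias 'User' and the 'password'
// column are hypothetical and must match your own model and table.
class LegacySha1Authenticate {
    var $modelAlias = 'User';
    var $passwordField = 'password';

    // AuthComponent::hashPasswords() hands over the submitted form data and
    // expects the same array back with the password field already hashed.
    function hashPasswords($data) {
        if (!is_array($data)
            || !isset($data[$this->modelAlias])
            || !is_array($data[$this->modelAlias])
            || !isset($data[$this->modelAlias][$this->passwordField])) {
            return $data; // nothing to hash on this request
        }
        $plain = $data[$this->modelAlias][$this->passwordField];
        if (is_string($plain) && $plain !== '') {
            // Plain SHA-1 with no Security.salt prefix, the same digest as
            // Security::hash($plain, 'sha1', false), so it matches the
            // legacy rows while Security.salt stays set for cookies.
            $data[$this->modelAlias][$this->passwordField] = sha1($plain);
        }
        return $data;
    }
}

// Wiring, e.g. in AppController::beforeFilter() (core auth.php untouched):
//   $this->Auth->fields = array('username' => 'email', 'password' => 'password');
//   $this->Auth->authenticate = new LegacySha1Authenticate();
```

Code that calls $this->Auth->password() directly still gets the salted hash, so registration and password-change paths need to hash through the same object to stay consistent with the table.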

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
