One way to do it: My user has a property EncryptedPassword, which is usually a hash. Probably public get, but private set. This is mapped to DB.
There is a separate function User.SetPassword(string cleartextPassword), which does the hashing and updates EncryptedPassword. Cleartext is not stored in the User object. And remember to use a salt. There is also a separate function bool User.VerifyPassword(string cleartextPassword). This will keep the knowledge of the used hashing algorithm within the User object, where it belongs IMHO. /Oskar 2009/10/13 Maxus <rtypestud...@gmail.com>: > > Hi People, > > I have business reqirement to hash the users passwords for security. > Whats the best way to achive that using nhibernate? Ideally I wanted > to use the set method on the password property, but due to the use of > DTOs this would be set everytime the entity went out and came back in > which would rehash the already hashed value. I tried using a trigger, > but nhibernate doesn't refetch the password after the trigger has > hashed the value. > > Any ideas how best to solve this issue? > > Thanks in advance! > -Maxus > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to nhusers@googlegroups.com To unsubscribe from this group, send email to nhusers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---