RE: saving sensitive data with md5

2007-03-19 Thread Mariano Iglesias

Good point, I was assuming you would notice and unset() password on an edit
(since the only way a user can edit it is by providing the unencrypted
form.) 

Yours is a good solution *except* when the user enters a 32 character length
password consisting of only 0-9, A-F or a-f characters ;) I know, what are
the chances, but... 

Anyhow you could also add a validation (ON the controller side so you can
still save a hashed password ;) to avoid user filling in a password with
specific md5 rules. 

-MI

---

Remember, smart coders answer ten questions for every question they ask. 
So be smart, be cool, and share your knowledge. 

BAKE ON!

blog: http://www.MarianoIglesias.com.ar


-Original Message-
From: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] On behalf
of Daniel.S
Sent: Monday, March 19, 2007 01:49 a.m.
To: Cake PHP
Subject: Re: saving sensitive data with md5

Will that re-hash the MD5'ed password field when editing and then
saving again?


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: saving sensitive data with md5

2007-03-19 Thread [EMAIL PROTECTED]



On Mar 19, 5:48 am, "Daniel.S" <[EMAIL PROTECTED]> wrote:
> Will that re-hash the MD5'ed password field when editing and then
> saving again?
>
yes, beforeSave catches that





Re: saving sensitive data with md5

2007-03-18 Thread Daniel.S

Will that re-hash the MD5'ed password field when editing and then
saving again?

I do this at the moment:

In model:
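function beforeSave() {
    // Hash only when a password was submitted and it does not already look
    // like an MD5 digest, so an edit-and-save does not hash it a second time.
    // A plaintext password that is itself 32 hex characters passes this test
    // and is stored unhashed.
    if (isset($this->data['User']['password'])
            && !preg_match(VALID_MD5, $this->data['User']['password'])) {
        $this->data['User']['password'] = md5($this->data['User']['password']);
    }
    return true;
}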

In bootstrap:
define('VALID_MD5','/^[a-fA-F0-9]{32}$/i');



On Mar 19, 6:40 am, "Mariano Iglesias" <[EMAIL PROTECTED]>
wrote:
> Sure, use the beforeSave and beforeFind on the model side.
>
> class User extends AppModel {
> // ...
> function beforeSave() {
>
> if (isset($this->data[$this->name]['password'])) {
> $this->data[$this->name]['password'] =
> md5($this->data[$this->name]['password']);
> }
>
> return parent::beforeSave();
> }
>
> function beforeFind($queryData) {
> if (isset($queryData[$this->name]['password'])) {
> $queryData[$this->name]['password'] =
> md5($queryData[$this->name]['password']);
> }
>
> return $queryData;
> }
>
> }
>
> This way when from your controller you are saving the model having the
> password field set, it will automatically hash it:
>
> $data = array(
> 'User' => array('user' => 'mariano', 'password' => 'password')
> );
>
> $this->User->save($data);
>
> The same way when you are looking for a record if you set the password field
> as part of the data to be searched for, it will hash it:
>
> $conditions = array(
> 'User' => array('user' => 'mariano', 'password' => 'password')
> );
>
> $result = $this->User->find($conditions);
>
> -MI
>
> ---
>
> Remember, smart coders answer ten questions for every question they ask.
> So be smart, be cool, and share your knowledge.
>
> BAKE ON!
>
> blog:http://www.MarianoIglesias.com.ar
>
> -Original Message-
> From: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] On behalf
> of billybob
> Sent: Sunday, March 18, 2007 02:12 p.m.
> To: Cake PHP
> Subject: saving sensitive data with md5
>
> I'm using cake's MVC approach which works really great.  I like the
> ability to use the MVC and save from the controller; it makes things
> nice and is very easy.  I did run into a problem which I can't figure
> out, however.  Let's say I want to save sensitive information like a
> password in the database.  Currently, it appears cake will only let
> you save in clear text (won't let you hash) in the default MVC
> approach.
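
The edge case Mariano raises in his reply, run against the VALID_MD5 check from the message above, next to an alternative that never has to guess whether a value is already hashed. This is an added example, not code from the thread; the function names and the `new_password` field are assumptions, and `password_hash()`/`password_verify()` need PHP 5.5 or later.

```php
<?php
define('VALID_MD5', '/^[a-fA-F0-9]{32}$/i');

// The thread's heuristic: hash only when the value does not look like an MD5 digest.
function hashUnlessMd5Shaped($password) {
    return preg_match(VALID_MD5, $password) ? $password : md5($password);
}

// Alternative: plaintext only ever arrives in a separate, non-persisted field
// ("new_password" is an assumed name), so the stored column is never inspected
// or re-hashed on an edit.
function prepareUserForSave(array $user) {
    if (isset($user['new_password']) && $user['new_password'] !== '') {
        // password_hash() salts every call and uses a deliberately slow algorithm.
        $user['password'] = password_hash($user['new_password'], PASSWORD_DEFAULT);
    }
    unset($user['new_password']);   // never persist the plaintext
    return $user;
}

// Login: fetch the row by user name, then verify. A salted hash cannot be
// matched by hashing the candidate inside the find conditions.
function checkLogin(array $storedUser, $candidate) {
    return password_verify($candidate, $storedUser['password']);
}

// Constructed sample inputs.
$ordinary  = 'password';
$hexShaped = 'ABCDEFabcdef0123456789ABCDEFabcd';   // 32 characters, all hex digits

// Heuristic: an ordinary password is hashed once and survives an edit-and-save.
var_dump(hashUnlessMd5Shaped($ordinary) === md5($ordinary));
var_dump(hashUnlessMd5Shaped(md5($ordinary)) === md5($ordinary));
// Heuristic: the hex-shaped plaintext comes back unchanged, i.e. stored in clear.
var_dump(hashUnlessMd5Shaped($hexShaped) === $hexShaped);

// Alternative: the same hex-shaped password is hashed like any other value.
$row = prepareUserForSave(array('user' => 'mariano', 'new_password' => $hexShaped));
// A later edit without new_password leaves the stored hash untouched.
$row = prepareUserForSave($row + array('email' => 'm@example.com'));
var_dump($row['password'] !== $hexShaped);
var_dump(checkLogin($row, $hexShaped));
var_dump(checkLogin($row, 'wrong'));
var_dump(isset($row['new_password']));
```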





Re: saving sensitive data with md5

2007-03-18 Thread Daniel.S

No need to jump up and down proclaiming the original message poster to
be incompetent while trumpeting CakePHP's virtues. Why don't you learn
from Mariano and provide a solution? You've done it in a few message
threads today, and it's not productive at all.

On Mar 19, 5:30 am, "Walker Hamilton" <[EMAIL PROTECTED]> wrote:
> This is not a cakePHP problem so much as a programming issue. If you
> learn how to hash md5's using php, you'll be able to do them in cake.





RE: saving sensitive data with md5

2007-03-18 Thread Mariano Iglesias

Sure, use the beforeSave and beforeFind on the model side.

class User extends AppModel {
    // ...
    function beforeSave() {
        // Hash the password whenever it is part of the data being saved
        if (isset($this->data[$this->name]['password'])) {
            $this->data[$this->name]['password'] =
                md5($this->data[$this->name]['password']);
        }

        return parent::beforeSave();
    }

    function beforeFind($queryData) {
        // Hash the password given in the search conditions so it can match
        // the hashed value stored in the database
        if (isset($queryData[$this->name]['password'])) {
            $queryData[$this->name]['password'] =
                md5($queryData[$this->name]['password']);
        }

        return $queryData;
    }
}

This way when from your controller you are saving the model having the
password field set, it will automatically hash it:

$data = array(
'User' => array('user' => 'mariano', 'password' => 'password')
);

$this->User->save($data);

The same way when you are looking for a record if you set the password field
as part of the data to be searched for, it will hash it:

$conditions = array(
'User' => array('user' => 'mariano', 'password' => 'password')
);

$result = $this->User->find($conditions);

-MI

---

Remember, smart coders answer ten questions for every question they ask. 
So be smart, be cool, and share your knowledge. 

BAKE ON!

blog: http://www.MarianoIglesias.com.ar


-Original Message-
From: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] On behalf
of billybob
Sent: Sunday, March 18, 2007 02:12 p.m.
To: Cake PHP
Subject: saving sensitive data with md5

I'm using cake's MVC approach which works really great.  I like the
ability to use the MVC and save from the controller; it makes things
nice and is very easy.  I did run into a problem which I can't figure
out, however.  Let's say I want to save sensitive information like a
password in the database.  Currently, it appears cake will only let
you save in clear text (won't let you hash) in the default MVC
approach.





Re: saving sensitive data with md5

2007-03-18 Thread Walker Hamilton

This is not a cakePHP problem so much as a programming issue. If you
learn how to hash md5's using php, you'll be able to do them in cake.

On Mar 18, 12:12 pm, "billybob" <[EMAIL PROTECTED]> wrote:
> Hi -
>
> I'm using cake's MVC approach which works really great.  I like the
> ability to use the MVC and save from the controller; it makes things
> nice and is very easy.  I did run into a problem which I can't figure
> out, however.  Let's say I want to save sensitive information like a
> password in the database.  Currently, it appears cake will only let
> you save in clear text (won't let you hash) in the default MVC
> approach.
>
> Does anyone have a solution to the problem above - while still taking
> advantage of the elegant, automated MVC approach?  It almost seems
> like I'm stuck with one or the other - kind of annoying.
>
> Thanks





saving sensitive data with md5

2007-03-18 Thread billybob

Hi -

I'm using cake's MVC approach which works really great.  I like the
ability to use the MVC and save from the controller; it makes things
nice and is very easy.  I did run into a problem which I can't figure
out, however.  Let's say I want to save sensitive information like a
password in the database.  Currently, it appears cake will only let
you save in clear text (won't let you hash) in the default MVC
approach.

Does anyone have a solution to the problem above - while still taking
advantage of the elegant, automated MVC approach?  It almost seems
like I'm stuck with one or the other - kind of annoying.

Thanks

