I think this hashing should support salting of the passwords for enhanced security.
On 12/22/05, Jeff Watkins <[EMAIL PROTECTED]> wrote: > > OK. So I'm going to check in the changes to implement MD5 and SHA1 > hashing of passwords. This means *you'll* be responsible for making > certain the database contains encrypted passwords. However, to show > you that I'm not a horrible evil troll (like my daughter seems to > think I am, because I make her take her Zantac, which is really foul > stuff), I've added a method to the SqlObjectProvider class, > encrypt_password, which given a clear-text password will hash it (or > not) based on the current setting for > identity.soprovider.encryption_algorithm. > > I still have some testing to do before I'm ready to check in the > changes, but I think this will work. > > On 21 Dec, 2005, at 10:49 pm, Jeremy Jones wrote: > > > I was planning on creating my own registration form and encrypting > > the passwords in there before inserting them into the database. I > > was assuming that other folks using identity would need to do the > > same. Now, a CRUDy user management thingy would be pretty cool, > > but I personally wouldn't mind that being a longer term goal. > > -- [EMAIL PROTECTED]
