Seems really perfect timing: http://groups.google.com/group/cake-php/browse_thread/thread/9026125f87c173f2

On Sep 7, 11:10 am, MrTufty <[EMAIL PROTECTED]> wrote:
> Thanks, it'll give me a starting point to look at!
>
> I was thinking I could probably just extend the AuthComponent,
> override a few functions and build it up that way. Will try that when
> I get some dev time to sit down and try it.
>
> On Sep 6, 12:46 pm, francky06l <[EMAIL PROTECTED]> wrote:
>
> > I had the same problem, and some others... I use the Auth components
> > but made a few changes in the application without modifications to the
> > core:
>
> > - do not use the name "password" in the views (login or other user
> > management views), but another "dummy" name. Handle this dummy name
> > (hash or whatever and replace in your password field) prior to save.
> > - do not use the login function of Auth component directly. Instead make
> > your own "login" method and pass the id of your user record to the
> > Auth component => it will read the record using the id (not comparing
> > password), and store the User record in session.
>
> > Hope this helps
>
> > On Sep 6, 1:33 pm, MrTufty <[EMAIL PROTECTED]> wrote:
>
> > > Hi all,
>
> > > Just a quick question - I've searched, but found nothing definitive.
>
> > > I'm building my site with Cake and I've decided to use the built-in
> > > ACL/Auth stuff rather than write my own (mostly because I'm sure
> > > you're all a lot smarter than I am, and if it works for you, then
> > > it'll probably work for me).
>
> > > However... I'm not a fan of the way that the passwords appear to be
> > > getting hashed, using the CAKE_SESSION_STRING as a salt value. In
> > > general I prefer to generate a random salt value for each user. Ok, it
> > > means an extra DB query (to retrieve the user's salt value) for pretty
> > > much every page request, but I think that it's worth it from the point
> > > of view of security (I'm paranoid I guess).
>
> > > I've just successfully built a site using a system like this (non-Cake
> > > though - my employers balked at my previous Cake sites because my
> > > colleagues couldn't understand the code - they said they needed to go
> > > on a training course to figure it out!).
>
> > > Is there a way to make my Cake site salt/hash the passwords in this
> > > way? If so, where should I be making changes/overriding functions in
> > > order to make it happen?
>
> > > Thanks!
>
> > > Steve
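
Added example (not part of the thread and not CakePHP's own code): plain PHP contrasting the site-wide salt MrTufty describes with a per-user random salt, plus a custom login check of the kind francky06l suggests that hands only the user id to the auth layer. The function names, the sha1 stand-in for the site-wide scheme, the use of PHP's password_hash() for the per-user salt, and the sample users are all assumptions.

```php
<?php
// Added example; every name here is hypothetical, none is CakePHP API.

// Scheme discussed in the thread: one application-wide salt for all users.
// sha1 is a stand-in digest chosen for this illustration.
function hashWithSiteSalt(string $password, string $siteSalt): string
{
    return sha1($siteSalt . $password);
}

// Per-user random salt: password_hash() draws a fresh salt on every call and
// embeds it in the returned string, so the salt travels with the user row.
function hashPerUser(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

// Custom login step: verify the submitted "dummy" field yourself and return
// only the user id, which the application then passes to its auth layer.
function verifyLogin(array $users, string $username, string $submitted): ?int
{
    // Fallback hash so an unknown username costs the same work as a known one.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_BCRYPT);

    $row = $users[$username] ?? null;
    $ok  = password_verify($submitted, $row['pw_hash'] ?? $dummy);
    return ($row !== null && $ok) ? $row['id'] : null;
}

// Constructed sample data: two users who chose the same password.
$siteSalt = 'constructed-site-wide-string';
$users = [
    'alice' => ['id' => 1, 'pw_hash' => hashPerUser('hunter2')],
    'bob'   => ['id' => 2, 'pw_hash' => hashPerUser('hunter2')],
];

// Site-wide salt: equal passwords always produce equal stored hashes, so a
// leaked table reveals which accounts share a password.
var_dump(hashWithSiteSalt('hunter2', $siteSalt) === hashWithSiteSalt('hunter2', $siteSalt));

// Per-user salt: the same password yields different stored values per user.
var_dump($users['alice']['pw_hash'] === $users['bob']['pw_hash']);

// Login outcomes: correct password, wrong password, unknown user.
var_dump(verifyLogin($users, 'alice', 'hunter2'));
var_dump(verifyLogin($users, 'bob', 'wrong'));
var_dump(verifyLogin($users, 'mallory', 'hunter2'));
```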
