Thanks, it'll give me a starting point to look at! I was thinking I could probably just extend the AuthComponent, override a few functions and build it up that way. Will try that when I get some dev time to sit down and try it.

On Sep 6, 12:46 pm, francky06l <[EMAIL PROTECTED]> wrote:
> I had the same problem, and some others... I use the Auth components
> but made few changes in the application without modifications to the
> core :
>
> - do not use the name "password" in the views (login or other user
> management views), but another "dummy" name. Handle this dummy name
> (hash or whatever and replace in your password field) prior to save.
> - do not use the login function of Auth component direct. Instead make
> your own "login" method and pass the id of your user record to the
> Auth component => it will read the record using the id (not comparing
> password), and store the User record in session.
>
> Hope this helps
>
> On Sep 6, 1:33 pm, MrTufty <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
>
> > Just a quick question - I've searched, but found nothing definitive.
>
> > I'm building my site with Cake and I've decided to use the built-in
> > ACL/Auth stuff rather than write my own (mostly because I'm sure
> > you're all a lot smarter than I am, and if it works for you, then
> > it'll probably work for me).
>
> > However... I'm not a fan of the way that the passwords appear to be
> > getting hashed, using the CAKE_SESSION_STRING as a salt value. In
> > general I prefer to generate a random salt value for each user. Ok, it
> > means an extra DB query (to retrieve the user's salt value) for pretty
> > much every page request, but I think that it's worth it from the point
> > of view of security (I'm paranoid I guess).
>
> > I've just successfully built a site using a system like this (non-Cake
> > though - my employers balked at my previous Cake sites because my
> > colleagues couldn't understand the code - they said they needed to go
> > on a training course to figure it out!).
>
> > Is there a way to make my Cake site salt/hash the passwords in this
> > way? If so, where should I be making changes/overriding functions in
> > order to make it happen?
>
> > Thanks!
>
> > Steve
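
The difference discussed in this thread, as an added example that is not part of the original messages and is not CakePHP or AuthComponent code: one application-wide salt versus a random salt per user, followed by the "own login method" step that checks the password itself and returns only the user id to hand to the auth layer. The function names, the SITE_SALT constant, the record layout, the sample passwords and the choice of PBKDF2-SHA256 with this iteration count are all assumptions made for the illustration.

```php
<?php
// Added illustration; names and values below are hypothetical, not CakePHP's.
const SITE_SALT = 'constructed-site-wide-salt'; // stands in for one app-wide salt
const PBKDF2_ITERATIONS = 100000;               // assumed work factor

// One salt shared by every account.
function hashWithSiteSalt(string $password): string
{
    return hash('sha256', SITE_SALT . $password);
}

// Per-user scheme: a fresh random salt is generated and stored beside the hash.
function makeUserRecord(int $id, string $password): array
{
    $salt = random_bytes(16);
    return [
        'id'   => $id,
        'salt' => bin2hex($salt),
        'hash' => hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS),
    ];
}

// Custom login step: load the user's salt, recompute, compare in constant time.
// Returns the user id to pass on to the auth layer, or null when the check fails.
function verifyLogin(array $user, string $submitted): ?int
{
    $salt = hex2bin($user['salt']);
    $candidate = hash_pbkdf2('sha256', $submitted, $salt, PBKDF2_ITERATIONS);
    return hash_equals($user['hash'], $candidate) ? $user['id'] : null;
}

// Constructed sample: two users who happened to choose the same password.
$alice = makeUserRecord(1, 'correct horse');
$bob   = makeUserRecord(2, 'correct horse');

// Shared salt: compare the stored values for the two identical passwords.
var_dump(hashWithSiteSalt('correct horse') === hashWithSiteSalt('correct horse'));
// Per-user salt: compare the two stored hashes for the same password.
var_dump($alice['hash'] === $bob['hash']);
// Login check with the right and the wrong password for the same record.
var_dump(verifyLogin($alice, 'correct horse'));
var_dump(verifyLogin($alice, 'wrong guess'));
```

With a shared salt, equal passwords produce equal stored values, so one cracked hash exposes every account using that password; the per-user salt removes that link at the cost of reading the salt column during login.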