On Jan 18, 2008 10:56 PM, aranworld <[EMAIL PROTECTED]> wrote:
>
> But is nate also suggesting that CakePHP developers think it is E-vil
> for us to want to have access to the plaintext version of the password
> during a Model save? Or are we all in agreement that you need to send
> a plaintext v
I would like a little clarification here...
When people above are talking about "using plaintext passwords" and
"disabling hashing", are they talking about actually storing plaintext
passwords in the database? I think most of us can agree that this is
Evil.
But is nate also suggesting that Cake
djiize, thanks for the code sample. That's effectively what my own
code was doing, except (for some stupid reason) I'd neglected to load
the User model to get the hashPasswords function (in the theory that
it would be loaded by the Auth component anyway, I think).
I'm with nate on this one (not b
Sorry to jump in the passionate discussion, I do not see any complex
problem in all this. Just my few cents about this hashing story:
- Auth component is fine hashing automatically password, it defaults
it to sha1, now (as mentioned earlier) you can write your own
authenticate object. This object
Right, we make it so you have to use an annoying and silly workaround
*for a reason*. Because when it's annoying and silly, you have to
stop and think about it, because whatever it is you're trying to do is
probably wrong. Whatever problem you are trying to solve by accessing
a plaintext passwor
Np :) I wouldn't expect you to read every little rejected bug report
on trac.
On Jan 18, 1:45 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> On Jan 18, 2008 3:43 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
>
>
> > Ya I had this out with nate already. I've given up. I think my
> > solution was to
On Jan 18, 2008 3:43 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
> Ya I had this out with nate already. I've given up. I think my
> solution was to set the hash type to none.
> https://trac.cakephp.org/ticket/3364
Aha! So you did follow through. My most humble appologies.
--
Chris Hartjes
Inter
Ya I had this out with nate already. I've given up. I think my
solution was to set the hash type to none.
https://trac.cakephp.org/ticket/3364
On Jan 18, 1:38 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> On Jan 18, 2008 3:32 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
>
>
> > This particular is
On Jan 18, 2008 3:32 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
> This particular issue is the framework trying to baby it's users.
> Telling us that we can't implement our own security practices. It's
> not even that you can turn it off if you don't want it, you just can't
> turn it off. You liter
This particular issue is the framework trying to baby it's users.
Telling us that we can't implement our own security practices. It's
not even that you can turn it off if you don't want it, you just can't
turn it off. You literally have to "deal with it" with a little
workaround of some sort. Not
Now it's comments like this that help me understand why the developers
sometimes get frustrated with this mailing list. This statement serves
absolutely no purpose. It is a blind criticism without any productive
alternative.
Frameworks are developed for the mass, not individuals. Meaning, what's
t
On Jan 18, 2008 2:31 PM, rtconner <[EMAIL PROTECTED]> wrote:
>
> I'll just say, I love any and all complaints about that auto hashing
> thing. I think it's silly and annoying and shouldnt be part of cake.
>
I think it's silly that people can't figure out how to deal with it.
The point of hashing
I'll just say, I love any and all complaints about that auto hashing
thing. I think it's silly and annoying and shouldnt be part of cake.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to th
Thanks for the example djiize.
I'm curious if that is the SOLE intended use of the Auth::authenticate
attribute?
Right now it appears as if it is, but the description "A reference to
the object used for authentication" suggests that it is intended to be
used for more than just a way to override
http://bin.cakephp.org/view/266619336
Quick test of what I said, you just need to modify User->password
function to your needs.
On 18 jan, 12:45, MrTufty <[EMAIL PROTECTED]> wrote:
> What he said ;)
>
> I've been working with overriding hashPasswords to provide a randomly
> salted sha256 impleme
What he said ;)
I've been working with overriding hashPasswords to provide a randomly
salted sha256 implementation, but my brains leaked out of my ears
(that'll teach me to code at 3am).
Steve
On Jan 18, 11:30 am, djiize <[EMAIL PROTECTED]> wrote:
> You can already choose your hashing method, s
You can already choose your hashing method, see in function
Auth::hashPasswords
If you define Auth->authenticate variable with the name of an object
of your own that definse the function hashPasswords, this function
will be called instead of the Auth default one
If you just want md5 or sha256 ins
nate, someone could want to use other hashing methods and not the
default one.
i vote for enabling :)
and adding the last crypt component to cake :D
On Jan 18, 6:18 am, nate <[EMAIL PROTECTED]> wrote:
> No. Disabling password hashing is Evil with a capital "E". That's
> why I don't let you do
No. Disabling password hashing is Evil with a capital "E". That's
why I don't let you do it.
On Jan 17, 11:03 am, dizz <[EMAIL PROTECTED]> wrote:
> Thanks to both of you, I thought of this, but I thought it would be
> easier to disable the AuthComponent::hashPasswords and then do what
> Baz did
Here is another somewhat way to do it.
Your real password field is called: passwd
In your form, place a field called: new_password
Now call these lines in your controller:
$this->data['User']['new_password_hash'] = $this->Auth-
>password( $this->data['User']['new_password']);
$this->User->save(
Thanks to both of you, I thought of this, but I thought it would be
easier to disable the AuthComponent::hashPasswords and then do what
Baz did above.
Anyways thanks again for the help.
-Andrew
On Jan 17, 10:45 pm, Baz <[EMAIL PROTECTED]> wrote:
> Yep,
>
> Use a different field, eg. new_passwor
Yep,
Use a different field, eg. new_password or something. (I'm assuming
you're validating when creating a password. No need for login)
Here's assuming you have a model called User:
// needed for validation for some reason
$this->User->set($this->data);
if ($this->validates($this->data))
{
On Jan 17, 2008 10:31 AM, dizz <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I am using the auth component and before my model can validate the
> password the auth component already encrypts the password so making it
> impossible to use the between built in valid method.
>
> Is there any work around f
23 matches
Mail list logo
