Reputation: 4763
Cakephp 2.5x password hashing. Security class or SimplePasswordHasher?
I am looking for option where I can encrypt an application password which is unique to that app. Example, the same database won't work if the salt changes Security.salt of an app is usually unique.
This link shows an example of new SimplePasswordHasher(['hashType' => 'sha256'])->has($data)
However, when I checking Api of Security class I saw this function which is a static function and I can supply sha256 and default salt to true. I am not using blowfish.
AuthComponent::password() is deprecated so please do not suggest that.
Which is more Cake way of doing things?
Upvotes: 1
Views: 688
Answers (2)
Reputation: 4763
SimplePasswordHasher calls Security::hash. Jeez!
Ref: http://api.cakephp.org/2.5/source-class-SimplePasswordHasher.html#33-42
Upvotes: 2
Reputation: 116
In your auth models:
public function beforeSave($options = array()) {
parent::beforeSave();
if (!empty($this->data['Model']['password'])) {
$this->data['Model']['password'] = Security::hash($this->data['Model']['password'], 'sha256', true);
}
return true;
}
Upvotes: 0
Related Questions
- CakePHP4: Where should I put my custom PasswordHasher
- Class 'SimplePasswordHasher' not found
- Cake PHP Simple Password Hasher()
- Hashing a password
- How to configure CakePHP's $this->Auth->login() to use custom password hasher
- How to use my own password hasher
- cakephp auth component: password hashing problem
- Using a more secure hashing algorithm with CakePHP
- Validate passwords with CakePHP 1.3
- Using cakephp's Auth component with salted password hashes