I can't really think of a good reason to do that. If you want to change you can verify the hash matches prior to changing for (old password verification). I can't think of a situation where you would bring the hashed value back in a field and display it to the browser....unless I am missing your statement I think this is a good design how it is now in 2.0.
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Jeremy Burns | Class Outfit
Sent: Wednesday, July 27, 2011 2:55 PM
To: cake-php@googlegroups.com
Subject: Re: CakePHP 2.0 Auth not hashing password
Yup, I get that. I was merely raising the possibility of an already hashed password getting hashed again. What's the advice for telling whether or not a password has already been hashed?
Jeremy Burns
Class Outfit
http://www.classoutfit.com
On 27 Jul 2011, at 19:40, Ceeram wrote:
This is mentioned in the migration guide, Auth doesnt auto hash your passwords anymore, you need to handle that manually in 2.0 . It was very confusing for new users to have the passwords auto hashed.
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment