This is a scenario that is true to me and it is leading me to take the decision to not upgrade to Cake3 at this moment.
-- I have 2 applications and one has to communicate with another. One application has been fully built with the latest stable version of cake 2 and the new application, that is on legacy code, was going to be using cake 3 so we could benefit of all of the new perks. Unfortunately with the removal of the cipherseed and the cipher functions a password that was generated in cake2 now can't be used in cake3.
Example of password encryption results using CakePHP 2.6 and CakePHP 3
password = changeme
Salt and Cipherseed where kept the same among both versions.
CakePHP 2.6
HashClass = Simple
HashType = SHA256
Encryption result = cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43
CakePHP 3
HashClass = Weak
HashType = SHA256
Encryption result = c88333b093105e07acff5b19be6fbaf51e6482b1
I had asked this on twitter before and the response that I got was that there would be backwards compatibility if you were using Simple password hasher in CakePHP 2.6 and upgraded it to CakePHP 3 so I wouldn't need to change all my users passwords through the database or force them to reset their password.
Based on the result above I don't see how I can use the same password system from Cake 2 to Cake 3 and it also doesn't seem like it is using the hashType set on config.
Is there anything I'm missing here. Can anyone help?
I need to decide really quick if I will move forth with Cake 3 or keep development with Cake 2.
Thanks in advance.
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment