[Catalyst] password and Catalyst::Plugin::Authentication::CDBI
Sai Tong
stong at fidelio.rutgers.edu
Mon Oct 3 21:09:30 CEST 2005
Jason Kohles wrote:
>
> On Sep 29, 2005, at 11:38 AM, Sai Tong wrote:
>
>
>>
>> How does one generate password to use with authentication by
>>
>> Catalyst::Plugin::Authentication::CDBI
>>
>> ?
>>
>> Is the password stored as encrypted text in the corresponding
>> database table (Model)?
>>
>>
>
> It depends on the settings in your config, if you don't specify a
> password_hash entry, then the password is stored as clear text, if
> you do specify password_hash, then you need to hash the password
> appropriately.
>
> The way the plugin looks at it is:
>
> If password_hash contains 'sha', then use sha1_hex:
> use Digest::SHA qw(sha1_hex);
> print sha1_hex($password)."\n";
>
> If password_hash contains 'md5', then use md5_hex:
> use Digest::MD5 qw(md5_hex);
> print md5_hex($password)."\n";
>
> Otherwise the password field is assumed to contain the cleartext
> password.
>
>
Thanks for the response and explanation . Since I am using Mysql as the
backend database, I am thinking of using its encryption functions
(http://dev.mysql.com/doc/mysql/en/encryption-functions.html) to
generate the encrypted password based on user input as request to the
catalyst application. Is there any particular reason that one should
not use these database functions to perform such tasks which can be done
with Digest::SHA and Digest::MD5 when using with catalyst?
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
More information about the Catalyst
mailing list