[Catalyst] Storing a password hash with DBIC

Brandon Black blblack at gmail.com
Thu Aug 10 17:12:23 CEST 2006


On 8/10/06, Christopher H. Laco <claco at chrislaco.com> wrote:
>
> Jonas wrote:
> > Hi,
> > I'm trying to store a hashed password in a database using DBIC. What
> > is the best way to create the digest of the password?
> > I tried with deflate, but deflate only runs when the argument is a
> > reference.
> > Then I tried with an HTML::Widget Filter but the filter runs before
> > the constraints, so the password failed to match with the confirm
> > field.
> > Is there any other way of doing this without explicitly making the
> > hash in the insert and update methods?
> >
> > Thanks,
> > --Jonas
>
> http://search.cpan.org/dist/DBIx-Class-DigestColumns/


Also, you could use something like:

http://pajhome.org.uk/crypt/md5/sha1src.html

And do your hashing in JavaScript in the browser.  Basically you want to
hook onClick/onSubmit/whatever for your login form, and hash the contents of
the passwd field before doing the actual submission, using a JavaScript sha1
(or other algorithm of your choosing).

It's much safer from a security standpoint to hash at the browser, as this
prevents the user's cleartext password from being sent over the wire at all,
and keeps your code/logs/employees from ever having a chance at knowledge of
the actual password.

-- Brandon