[Catalyst] Storing a password hash with DBIC
blblack at gmail.com
Thu Aug 10 17:12:23 CEST 2006
On 8/10/06, Christopher H. Laco <claco at chrislaco.com> wrote:
> Jonas wrote:
> > Hi,
> > I'm trying to store an hashed password in a database using DBIC. What
> > is the best way to create the digest of the password?
> > I tried with deflate, but deflate only runs when the argument is a
> > Then i tried with an HTML::Widget Filter but the filter runs before
> > the constraints, so the password failed to match with the confirm
> > field.
> > There are any other way of doing this without explicitly making the
> > hash in the insert and update methods?
> > Thanks,
> > --Jonas
Also, you could use something like:
hook onClick/onSubmit/whatever for your login form, and hash the contents of
(or other algorithm of your choosing).
Its much safer from a security standpoint to hash at the browser, as this
prevents the user's cleartext password from being sent over the wire at all,
and keeps your code/logs/employees from ever having a chance at knowledge of
the actual password.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Catalyst