[Catalyst] Migrate from SHA hashed passwords to Bcrypt crypted passwords

Mark Blackman m.blackman at fairfx.com
Tue Jul 12 08:23:09 GMT 2011


On 11 Jul 2011, at 23:06, Pavel Karoukin wrote:

> On 07/11/2011 10:34 AM, Mark Blackman wrote:
>> 
>>> 2) How should I update my application to first check against the new hashing algorithm and, if the password comes back incorrect, try the old one (SHA)? Should I do it through realms, or just check the password in my authentication controller directly instead?
>> I'd define two realms in your configuration for each password type and then attempt authentication against both realms.
>> 
> 
> How does a realm work when saving a user? Ideally, I would like to try to
> authenticate the user against Bcrypt; if it fails, try SHA, and if it
> succeeds, ask the user to change the password, which will be saved in the Bcrypt realm.

Well, to be honest, you'll just have to write some explicit controller code,
for all of it IMO.

However, Florian's suggestions sounded more sensible. I wasn't aware of the
modules he referred to.

> 
> How can I instruct it to save the new password as a Bcrypt hash if the user logged
> in with a SHA-hashed password?

More explicit controller code, sorry. :)
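
The bcrypt-first, SHA-fallback check discussed in this thread, as an added example that is not part of the original message or of Catalyst itself. It assumes the legacy column holds an unsalted SHA-1 hex digest, uses a constructed in-memory `%users` hash in place of the user model, and re-hashes the password submitted at login instead of prompting for a new one; `bcrypt_hash`, `const_eq` and `verify_and_upgrade` are hypothetical helper names.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Constructed in-memory store standing in for the user table (hypothetical).
# Assumption: legacy rows hold an unsalted SHA-1 hex digest.
my %users = (alice => { password => sha1_hex('old-secret') });

# Hash a password with bcrypt using a fresh 16-byte salt from the OS CSPRNG.
sub bcrypt_hash {
    my ($password, $cost) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from urandom";
    return bcrypt($password, sprintf('$2a$%02d$%s', $cost, en_base64($salt)));
}

# Compare two strings without stopping at the first differing byte.
sub const_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Verify against whichever format is stored; on a successful legacy (SHA)
# login, replace the stored digest with a bcrypt hash of the same password.
sub verify_and_upgrade {
    my ($name, $password) = @_;
    my $user = $users{$name} or return 0;
    my $stored = $user->{password};

    if ($stored =~ /^\$2a\$\d\d\$/) {        # already migrated
        return const_eq(bcrypt($password, $stored), $stored);
    }
    return 0 unless const_eq(sha1_hex($password), $stored);

    $user->{password} = bcrypt_hash($password, 12);   # upgrade in place
    return 1;
}

# First login upgrades the row, the wrong password fails, the third login
# is checked against the new bcrypt hash.
for my $pw ('old-secret', 'wrong', 'old-secret') {
    my $ok = verify_and_upgrade('alice', $pw);
    printf "%-10s ok=%d stored=%s\n", $pw, $ok, $users{alice}{password};
}
```

In a Catalyst application the same branch would sit in the login action, with the write going through the user model; accounts that never log in again keep their SHA digest until they are reset.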



