Re: MySQL Password Hashing

On Mar 21, 2011, at 21:07, cricket wrote:
> On Mon, Mar 21, 2011 at 8:55 PM, RhythmicDevil wrote:
>> PHP: 5.3.5
>> Cake: 1.3.7
>> MySQL: 5.1.47
>>
>> So if I understand it right the PHP mysql driver that cake uses does
>> not support the password hashes in MySQL, If this is true, what is the
>> proper solution given that I have a shared host and cannot enable
>> short passwords or user the old_passwords() function?
>>
>> Is Cake going to address this?

You're talking about MySQL usernames and passwords, which programs like PHP use to connect to the MySQL server. CakePHP (nor any other code written in PHP, running with a recent version of the MySQL libraries, or mysqlnd) shouldn't have any problem with (or even knowledge of) what password algorithm your MySQL server is using. So there is no problem here.

> The hashing is done in Cake itself, not the DB.

Cricket is talking about you're app's usernames and passwords, stored in your database tables, which your users use to access your CakePHP web app. CakePHP defaults to using salted sha1 hashes for passwords, so if you try to save a password into your database using a method other than your CakePHP app (like phpMyAdmin, for example), you wouldn't just be able to use "UPDATE users SET password=SHA1('newpassword') WHERE user_id=1" because that wouldn't be salted.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php