# |
Mar 16th 2018, 15:25 |
dereuromark |
the internal one doesnt need salt afaik, as it has something built in |
# |
Mar 16th 2018, 15:24 |
bez |
if it did, then it would work ok |
# |
Mar 16th 2018, 15:24 |
bez |
not sure why cake is not using the salt there |
# |
Mar 16th 2018, 15:24 |
patsuckow |
is there any minimum example or reference to an example? Just in the documentation something as I can not find |
# |
Mar 16th 2018, 15:24 |
bez |
i just did, and it works |
# |
Mar 16th 2018, 15:24 |
bez |
if I manually do the hashing with the password and salt (using the php function DefaultPasswordHasher uses) and save it on the database, I alway get the same hash and then I can login |
# |
Mar 16th 2018, 15:23 |
dereuromark |
you need to look into their code |
# |
Mar 16th 2018, 15:23 |
dereuromark |
the internal for default seems to be the password hasher of PHP, so yeah, some internal salt probably |
# |
Mar 16th 2018, 15:23 |
dereuromark |
especially when form validation is relevant |
# |
Mar 16th 2018, 15:23 |
dereuromark |
but the default usually is the same action for obvious usability reasons |
# |
Mar 16th 2018, 15:22 |
dereuromark |
you can always post date from any action to any action |
# |
Mar 16th 2018, 15:22 |
bez |
yah, i don't think cake is using the salt, as the password hash generated each time is very different from each other |
# |
Mar 16th 2018, 15:21 |
patsuckow |
dereuromark, thanks again for the help, what I needed. But all the same, but tell me, in principle, is there a way to send data in one controller from one action to the action of the same POST controller? |
# |
Mar 16th 2018, 15:11 |
generitter |
Good to know. |
# |
Mar 16th 2018, 15:09 |
bez |
in the entity, this is what i did: ``` protected function _setPassword($password) { Security::setSalt('MYSALT'); return (new DefaultPasswordHasher)->hash($password); } ``` but still failing to sign in |
# |
Mar 16th 2018, 15:08 |
bez |
oh, right, it did now |
# |
Mar 16th 2018, 15:08 |
dereuromark |
there is no such thing as perfect here |
# |
Mar 16th 2018, 15:08 |
dereuromark |
In general there is never a moratorium on docs :slightly_smiling_face: by its very definition this always has to be improved and completed etc |
# |
Mar 16th 2018, 15:06 |
dereuromark |
So getSalt() will show it |
# |
Mar 16th 2018, 15:06 |
dereuromark |
https://github.com/cakephp/app/blob/master/config/bootstrap.php#L149 |
# |
Mar 16th 2018, 15:06 |
bez |
ah ok! was afraid that for some reason it was just being ignored |
# |
Mar 16th 2018, 15:06 |
dereuromark |
it is probably consumed somewhere and then stored internally |
# |
Mar 16th 2018, 15:05 |
bez |
in the entity, when trying to read the configuration for Security.salt it gives me an empty array, as if the salt is not defined, but it is =s ``` [Security] => Array ( ) ``` i was able to set a value there, are reading it again showed the correct salt, but it still does not login |
# |
Mar 16th 2018, 15:04 |
generitter |
Thank you. |
# |
Mar 16th 2018, 15:04 |
generitter |
Kk. |
# |
Mar 16th 2018, 15:04 |
dereuromark |
people will then give you feedback on it |
# |
Mar 16th 2018, 15:04 |
dereuromark |
give it a shot |
# |
Mar 16th 2018, 15:00 |
generitter |
Anyone know if there is a moratorium on type hints in the database documentation? If I make an edit and add them would it be accepted? This would especially be helpful in the anonymous functions. |
# |
Mar 16th 2018, 14:58 |
generitter |
@dereuromark Afternoon. |
# |
Mar 16th 2018, 14:55 |
patsuckow |
dareuromark, Thank you!!! |
# |
Mar 16th 2018, 14:54 |
dereuromark |
patsuckow: then read about prg, https://github.com/FriendsOfCake/search is what you want and need. |
# |
Mar 16th 2018, 14:54 |
patsuckow |
dereumark, I need to do a search through the post. I can not describe it in more detail here. |
# |
Mar 16th 2018, 14:54 |
dereuromark |
fallbackpasswordhashers |
# |
Mar 16th 2018, 14:53 |
bez |
well the two applications were made with different salt codes (with cake 2), not sure how I could do that migration without disrupting the service |
# |
Mar 16th 2018, 14:53 |
dereuromark |
or provide a way to cross-login etc |
# |
Mar 16th 2018, 14:53 |
dereuromark |
but in that case wouldnt it be better to share the same? |
# |
Mar 16th 2018, 14:52 |
dereuromark |
that should work |
# |
Mar 16th 2018, 14:51 |
bez |
also could I from the model temporarily change the salt with configure::write, so that when saving this password it uses the salt of the other application? |
# |
Mar 16th 2018, 14:50 |
bez |
i looked into to it and could not be sure, i also found some posts online on people discussing and none were sure. apparently most of them seem to believe it does not use the salt (but I agree with you that it does not make sense) |
# |
Mar 16th 2018, 14:49 |
dereuromark |
but it seems likely, for obvious security reasons |
# |
Mar 16th 2018, 14:49 |
dereuromark |
look into the code, if it uses the salt |