| # |
Jul 12th 2018, 15:37 |
 ricksaccous |
well if someone already compromised your database, yes, if not it's fine, lol |
| # |
Jul 12th 2018, 15:36 |
camdenbassett |
I was using them as examples. Basically my main question is, is it safe to send a password through multiple hash algorithms if one of them is insecure, like md5, and others are more secure, like sha or Argon. |
| # |
Jul 12th 2018, 15:35 |
neon1024 |
Wasn’t there a shell to populate counter_cache fields? |
| # |
Jul 12th 2018, 15:35 |
camdenbassett |
and I know md5 and sha1 aren't very secure anymore :) |
| # |
Jul 12th 2018, 15:34 |
dereuromark |
That was the old 2.x docs: https://github.com/dereuromark/cakephp-shim/blob/2.x/docs/Auth.md |
| # |
Jul 12th 2018, 15:34 |
camdenbassett |
Thanks, I'll take a look at that. |
| # |
Jul 12th 2018, 15:33 |
ricksaccous |
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#changing-hashing-algorithms |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
i haven't done it i just know it exists, lel |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
you can set the old method and set the new one, and it will make it secure for you |
| # |
Jul 12th 2018, 15:32 |
dereuromark |
and use a fallback hasher to upgrade since 3+ years |
| # |
Jul 12th 2018, 15:32 |
dereuromark |
you should use neither of them :slightly_smiling_face: |
| # |
Jul 12th 2018, 15:32 |
ricksaccous |
there's a cakephpway to redo password hashing |
| # |
Jul 12th 2018, 15:30 |
camdenbassett |
I just need to know if there are any advantages/disadvantages to sending a password through md5 then sha vs just through sha. I have an old old old password system that I'm trying to upgrade, and the easiest route would be to just apply one hash on top of another, but I remember reading online somewhere that that might not be very secure. |
| # |
Jul 12th 2018, 15:28 |
dereuromark |
yes |
| # |
Jul 12th 2018, 15:28 |
camdenbassett |
@dereuromark was that question directed at me? |
| # |
Jul 12th 2018, 15:28 |
josbeir |
too much code |
| # |
Jul 12th 2018, 15:27 |
josbeir |
pff i hate writing unit tests for components |
| # |
Jul 12th 2018, 15:26 |
dereuromark |
those are good defaults, and rather safe :slightly_smiling_face: |
| # |
Jul 12th 2018, 15:25 |
dereuromark |
what do you need to know/do besides what CakePHP offers out of the box? |
| # |
Jul 12th 2018, 15:25 |
camdenbassett |
Anyone know of a good irc channel to discuss the cryptographic storage of passwords? |
| # |
Jul 12th 2018, 15:24 |
josbeir |
np |
| # |
Jul 12th 2018, 15:24 |
okelet |
thanks! |
| # |
Jul 12th 2018, 15:24 |
okelet |
i will try with a migration, unmarking every time i run it |
| # |
Jul 12th 2018, 15:24 |
okelet |
yes, i know, i have some migrations |
| # |
Jul 12th 2018, 15:23 |
josbeir |
check out phinx docs |
| # |
Jul 12th 2018, 15:23 |
josbeir |
you have $this->hasTable('table'); $table->hasColumn('column'); etc.. |
| # |
Jul 12th 2018, 15:21 |
josbeir |
you have methods like exists() etc |
| # |
Jul 12th 2018, 15:21 |
josbeir |
it should work ok |
| # |
Jul 12th 2018, 15:21 |
josbeir |
that has extra checks in the up/down functions |
| # |
Jul 12th 2018, 15:21 |
josbeir |
but still, all of your logic can be inside a migration class |
| # |
Jul 12th 2018, 15:20 |
okelet |
ah ok ok |
| # |
Jul 12th 2018, 15:20 |
josbeir |
bin/cake migrations rollback |
| # |
Jul 12th 2018, 15:20 |
josbeir |
well you can rollback |
| # |
Jul 12th 2018, 15:20 |
josbeir |
i dont think you can run migrations classes from a command, you can probably call the migration shell |
| # |
Jul 12th 2018, 15:19 |
okelet |
can I unmark a migration from cmd? |
| # |
Jul 12th 2018, 15:18 |
okelet |
also, if i would create a migrations every time I found a problem, i would end up with lots of migrations, that, at the end, are rubbish |
| # |
Jul 12th 2018, 15:18 |
josbeir |
you can just unmark it |
| # |
Jul 12th 2018, 15:18 |
okelet |
i would like to modify the command while I find schema problems, and run it again, with migrations, the migration would be marked as migrated and wouldn't run again |
| # |
Jul 12th 2018, 15:15 |
josbeir |
why dont you write your checking stuff in the migration itself? |
| # |
Jul 12th 2018, 15:12 |
okelet |
hi, is possible to use migrations inside a command? We have a lot of not-synced schema databases, and I need to write a command to check for columns, indexes, etc. I have tried with ConnectionManager::get('default')->getSchemaCollection()->describe('my_table') but it has no methods to removeIndex, or save like migration has... Thanks! |
| # |
Jul 12th 2018, 14:53 |
josbeir |
on does not simply underestimate cake utilities |