+ Reply to Thread
Results 1 to 2 of 2

Thread: Salting the right way.

  1. 05-27-2009 09:54 AM #1
    whisher
    whisher is offline Member
    Send a message via ICQ to whisher
    Join Date
    May 2009
    Location
    Kakiland
    Posts
    32

    Default Salting the right way.

    Hi.
    For my first step I set up
    this simple way

    for every user at registration

    [PHP]$secret= md5('rob'.'yoursalt');[/PHP]

    I put $secret into Db

    an than

    [PHP]
    $authAdapter = new Zend_Auth_Adapter_DbTable(
    $db,
    'usersmy',
    'username',
    'password',
    "MD5(CONCAT(?,'yoursalt'))"
    );
    [/PHP]

    and it works.

    In the reference
    Zend Framework: Documentation

    there is an other way like

    [PHP]
    $adapter = new Zend_Auth_Adapter_DbTable(
    $db,
    'users',
    'username',
    'password',
    "MD5(CONCAT('"
    . Zend_Registry::get('staticSalt')
    . "', ?, password_salt))"
    );
    [/PHP]

    Can you give me a working example, please ?

    Imho is better put the
    md5 hash (password + salt)
    in only one field (password)
    Why the reference create an other
    field password_salt ?

    What do you think about ?


    Bye.
    Last edited by whisher; 05-27-2009 at 11:28 AM.
    Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
    Reply With Quote Reply With Quote
  2. 05-28-2009 04:28 PM #2
    whisher
    whisher is offline Member
    Send a message via ICQ to whisher
    Join Date
    May 2009
    Location
    Kakiland
    Posts
    32

    Default

    Zend_Auth salted Chips …. no salted Passwords | RedBB - Red Bulletin Board
    Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules