[Solar-talk] Authentication Module: Password Changes
Paul M Jones
pmjones at paul-m-jones.com
Sat May 17 17:32:23 CDT 2008
On May 15, 2008, at 15:25 , Rodrigo Moraes wrote:
> On Thu, May 15, 2008 at 4:06 PM, Kilbride, James P. wrote:
>> The problem is that the authentication adaptor has the information on
>> what hash function was used, which column, etc. I can(and do) right
>> now
>> manually recreate that but since authentication knows which column
>> should be managed and what function to encrypt it with, and what the
>> salt is(the salt is probably the most critical really) it felt like
>> it
>> should be able to do that to maybe. Or at least have a way to return
>> some of that information easily.
>
> I think it is a good idea to make the adapter a bit 'dumb' and call
> methods to read the data (using hash / salt) from a model,
> centralizing these config's there. You'd need a slightly different
> adapter and move this data-related stuff to the model.
Rodrigo has it right, here. The authentication adapters are intended
for reading from the authentication store, not for managing user
accounts. User account management is more properly the domain of a
model and/or controller.
Now, it is possible that at some point in the future, Solar may have a
user-management app as part of its "demo" apps (to go along with the
bookmarks app) but that's not likely to be a real-world solution for
anyone.
If you like, you can keep the salt value in the config file under `
$config['Solar_Auth_Adapter_Sql']['salt']`, and then you can read that
value from anywhere else using `$salt =
Solar::config('Solar_Auth_Adapter_Sql', 'salt')`.
-- pmj
More information about the Solar-talk
mailing list