JaxPHP / JaxWeb Message Board › Yii hash of passwords
A former member
Another thing about some of the chatter in the background was on password security.
After reading much, it looks like Yii does not hash passwords and must be coded to do so. There looks to be a user manage module to help with this. Storing unhashed and unsalted passwords is never a good thing. There are too many ways for data to leak such as company employees, shared server databases, website insecurities and poor scripting. It is one thing to compromise your data, but to compromise user/passwords would destroy the ability to hold your users accountable and possibly make you liable for damages caused by a hacker pretending to be the user.
User Management Module
rehash password only when changed
public function authenticate()
// username => password
ZipOnOver, Local business Directory
When will the Ruby on Rails people stop the BS?
Daniel's Corner - Comparison of PHP frameworks – Part I
"I edited the PHP version to just check if the array is empty, just like the Ruby version. Like magic, the execution time of the PHP version dropped more than half. The PHP version went from being ~70% slower than the Ruby version to being ~17% faster."
Orange Park, FL
Yes, Tim, the Yii default login is really just a placeholder. Any app involving security for multiple users and roles should definitely crack the User Management Module.
For http://888wuzdead.com we'd already set up a users table before committing to Yii. And we only have two roles: user and admin.
So we stuck with our original schema, then customized the Yii login to support our "first one's free" approach:
I've seen lots of claims about Yii being fast. We're not pushing it enough to worry about benchmark comparisons, but it's definitely not slow.
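Added example, not part of the original posts and not Yii's or the User Management Module's own code: a standalone PHP illustration of the "rehash password only when changed" point from the first post, using PHP's built-in `password_hash()` and `password_verify()`. The `UserRecord` class, its method names and the sample credentials are hypothetical and constructed for illustration.

```php
<?php
// Added example: plain PHP 7.1+, no Yii classes. UserRecord is a hypothetical
// stand-in for a user model; the account and password below are constructed.
final class UserRecord
{
    public $username;
    public $passwordHash = '';    // only this salted hash is ever stored
    private $newPassword = null;  // plaintext, set only when a new password is chosen

    public function __construct(string $username)
    {
        $this->username = $username;
    }

    public function setPassword(string $plain): void
    {
        $this->newPassword = $plain;
    }

    // Plays the role of a before-save hook: hash only when a new password was
    // supplied, so saving other fields never hashes the stored hash again.
    public function beforeSave(): void
    {
        if ($this->newPassword !== null) {
            // password_hash() picks a random salt and embeds it in its output.
            $this->passwordHash = password_hash($this->newPassword, PASSWORD_DEFAULT);
            $this->newPassword = null;
        }
    }

    public function verify(string $plain): bool
    {
        return password_verify($plain, $this->passwordHash);
    }
}

$user = new UserRecord('demo');
$user->setPassword('correct horse battery');
$user->beforeSave();
$hashAfterChange = $user->passwordHash;

$user->beforeSave(); // second save with the password untouched
var_dump($hashAfterChange === $user->passwordHash); // hash left alone?
var_dump($user->verify('correct horse battery'));   // right password accepted?
var_dump($user->verify('wrong guess'));             // wrong password rejected?
```

`password_verify()` reads the algorithm, cost and salt back out of the stored hash, so no separate salt column is needed.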