Commit Graph

2 Commits

Author SHA1 Message Date
Sam Minnee
87e1454cd2 BUGFIX: Include salt in legacy password encryptor
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@91743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-16 03:25:41 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00