Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Customize password hash in UsernamePasswordProvider? #32

Closed
vasil-p opened this issue Feb 12, 2012 · 1 comment
Closed

Customize password hash in UsernamePasswordProvider? #32

vasil-p opened this issue Feb 12, 2012 · 1 comment

Comments

@vasil-p
Copy link

vasil-p commented Feb 12, 2012

Hi

from the source I can see that the UsernamePasswordProvider does a password check by using the play.libs.Crypto.passwordHash(String) method.

This enforces the user store to use the same method (or to store the password in plain text).

It wouldn't be a problem if the default hash algorithm in the play.libs.Crypto wasn't MD5 which has some security issues and is inferior to the other hashing algorythms supported ther (SHA-1 SHA-256 etc).

Is there any way to customize the password hash, except for changing the module code?
Even more - is there any way to customize the password check in UsernamePasswordProvider so that a user provided one is used (in case I don't want to use the play.libs.Crypto)?

Thank you
Vasil
@jaliss
Copy link
Owner

jaliss commented Jun 6, 2012

This is fixed in the 1.x branch now.

@jaliss jaliss closed this as completed Jun 6, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaliss @vasil-p