Comments (8)
JABirchall
commented on May 31, 2024
3
I dont see what needs implimenting? If you use php7.2 you can just use password_hash('password', PASSWORD_ARGON2I) What does phalcon need to impliment here? Unless your asking phalcon to impliment argon to be used on versions < 7.2?
from phalcon.
RayHughes
commented on May 31, 2024
I dont see what needs implimenting? If you use php7.2 you can just use
password_hash('password', PASSWORD_ARGON2I)What does phalcon need to impliment here? Unless your asking phalcon to impliment argon to be used on versions < 7.2?
Yes you are correct. However, Phalcon has a security wrapper (https://docs.phalconphp.com/hu/3.4/security) that is injectable through the DI container. Using the security component allows users to call it throughout there module with pre-configured properties etc.
Yes you could technically write a wrapper around the password_hash() method and pre configure it yourself but why reinvent the wheel.
This is a framework after all and in its current form it does provide password hashing abilities, so it should either improve on them or drop them completely.
from phalcon.
ViltusVilks
commented on May 31, 2024
Yes, it is a framework, which can be "overriden"
- Extend Phalcon\Security, override needed part
- Set in DI for
security\MyApp\Lib\Whatever\MySecurity
Problem for Argon can be that it needs library/extension and these checks will be done for all "phalcon customers" when upgraded.
Other point - use OAuth2/JWT/SSO with authentication servers (quite easy with Docker deployment) so You can forget about passwords, but will have bit more work to implement authorization layer
from phalcon.
JABirchall
commented on May 31, 2024
Yes you are correct. However, Phalcon has a security wrapper (https://docs.phalconphp.com/hu/3.4/security) that is injectable through the DI container.
Ahh ok, So maybe would be best to NFR a $security->setPasswordHashAlgorithme(int $algorithmeConst)
from phalcon.
RayHughes
commented on May 31, 2024
Not an available option which was the point for my issue...
from phalcon.
JABirchall
commented on May 31, 2024
@RayHughes Thats what I mean, Maybe phalcon should add such a method to allow devs choose which hashing function to use since PHP has so many now and are prolly going to add more.
from phalcon.
RayHughes
commented on May 31, 2024
@JABirchall my bad on the interpretation and I agree with your suggestion.
from phalcon.
niden
commented on May 31, 2024
Closing in favor of phalcon/cphalcon#13855. Will revisit if the community votes for it, or in later versions.
from phalcon.
Related Issues (20)
- [NFR]: Replace regexp in the router with arrays for extra performance
- Can't access page, 404 FORBIDDEN
- Can I use `$this->getRelated` on already cached data?
- [BUG]: Scrutinizer Fixes HOT 1
- [NFR]: ADD sticky for read write connection
- [NFR]: removeBehavior method in Model
- [NFR]:returnedValue not updated after dispatcher->forward
- [NFR]: No way to add html attributes to Select Tag. documentation inadequate HOT 1
- [BUG]: The "setDefault" method does not work for forms of type "text" with name "value" HOT 5
- update src folder links
- How to use cookie in phalcon 4.x ? HOT 1
- update tests folder links
- [NFR]: Complete rework of ORM HOT 3
- [BUG]: \Phalcon\Encryption\Crypt + named parameters/arguments throw fatal error. HOT 1
- [NFR]: Refactor Phalcon\Mvc\Router/Route HOT 1
- [NFR]: Refactor Phalcon\Mvc\Model\MetaData
- phalcon 3,4 webhook problem HOT 2
- [NFR]: What is the purpose of this library? HOT 3
- [NFR]: Add a getResult() or fetchAll() method to Resultset\Simple
- [BUG]: when i use JWT Builder , api returns blank HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phalcon.