Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Is it possible to decrypt password using simpleauth?
  • sosekisoseki
    Dear sir,

    I am using simpleauth package to implement login/logout function.

    And then I have to decrypt password and output it on the screen.

    Is it possible to do it?

    Thank you.
  • bvnbvn
    As I know, it is not possible.
  • sosekisoseki
    Yes, that is what I expect actually.

    Because password decryption is not possible, I have to keep original password in the db.
  • HarroHarro
    No, passwords are hashed, not encrypted.

    And from a security point of view, it is a very BAD idea to store passwords. Ever. If someone asks you to do that, explain to them it is not an option.

    Instead, add a mechanism to your application with which users can request a new password (a password-lost feature). See https://fuelphp.com/docs/packages/auth/examples/auth.html#/password-recovery for an example of a secure implementation.
  • sosekisoseki
    Hello there, 

    Thank you for your reply.

    Yes, I know that it is very bad thingy to implement. 

    However, the reason why I need to implement this thingy is that I am making integrate login system that enables to login to 5 different systems with different password, but, user id is the same.

    Also, this has to be implemented by one clicking.

    Therefore, I need to decrypt password or store the password in the database, which is bad idea.

    Well....possibly I might think of different idea.

    Then, I know the "a password-lost feature".

    I implemented this feature in the last project.
  • HarroHarro
    Accepted Answer
    If you need to store it. use the Crypt class to encrypt / decrypt it. That at least would require access to both your database data and your code to be able to decrypt it (as the keys are in the crypt config file).

    If you're using Orm, 1.9/dev has the option to automatically encrypt/decrypt column values.
  • sosekisoseki
    Thank you for your suggestion.

    Well....I might have to do it that way.

    Then, I am current using Orm 1.8.*.

    Is Orm 1.9/dev stable?


  • HarroHarro
    Yes, it is (at the moment).

    You can also manually copy the Observer_Typing class in the Orm package over, that is the only file changed.
  • sosekisoseki
    Okay, I may try that.
    Thank you for your help :)
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion