Storing encrypted passwords

From ClassDBI

Summary

You do not want to store clear text passwords in the database.

Solution

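sub normalize_column_values {
 my ($self, $h) = @_;
 if (exists $h->{password} && $h->{password}) {
  # List-form pipe open runs htpasswd directly, without a shell, so shell
  # metacharacters in the username or password are never interpreted.
  # The password is still passed as an argument (-b), so it is briefly
  # visible in the process list.
  open my $p, '-|', 'htpasswd', '-nbm', $self->username, $h->{password}
   or die "Cannot run htpasswd: $!";
  my $line = <$p>;
  close $p or die "htpasswd failed";
  die "htpasswd returned no output" unless defined $line;
  chomp $line;
  # Output is "username:hash"; keep only the hash.
  $line =~ s/^[^:]*://;
  $h->{password} = $line;
 }
}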

$user->password("secret") will store the password in the encrypted (hashed) format, and $user->password will return the encrypted string.

Discussion

normalize_column_values is called before the values are stored in the database. Overriding it as shown intercepts the password value and encrypts it using Apache's htpasswd tool, although you could use any one-way encryption (hashing) technique.
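
The Discussion notes that any one-way technique will do. The following is an added example, not code from the original page: the same hook hashing with bcrypt in-process through Crypt::Eksblowfish::Bcrypt, so no external command runs and the password never appears on a command line, together with a method for checking a login attempt. The package name My::User, the cost of 12, the check_password method and the use of /dev/urandom (a Unix-like system) are assumptions made for illustration.

```perl
package My::User;              # hypothetical Class::DBI subclass
use strict;
use warnings;
use base 'Class::DBI';         # table and columns (username, password) declared as usual
use Encode qw(encode);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

my $COST = 12;                 # assumed work factor; raise it as hardware allows

# Build a bcrypt settings string ("$2a$12$" plus 22 salt characters) from a
# fresh 16-byte random salt.
sub _new_settings {
    open my $r, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
    my $n = read($r, my $salt, 16);
    close $r;
    die "Short read from /dev/urandom" unless defined $n && $n == 16;
    return sprintf '$2a$%02d$%s', $COST, en_base64($salt);
}

# Same hook as in the recipe: replace the clear-text value before it is stored.
sub normalize_column_values {
    my ($self, $h) = @_;
    return unless exists $h->{password} && length $h->{password};
    # bcrypt() wants octets, so encode first. bcrypt itself considers at most
    # 72 bytes of the password.
    $h->{password} = bcrypt(encode('UTF-8', $h->{password}), _new_settings());
}

# Login check: re-hash the candidate with the salt and cost embedded in the
# stored value, then compare without stopping at the first differing byte.
sub check_password {
    my ($self, $candidate) = @_;
    my $stored = $self->password;
    return 0 unless defined $candidate && defined $stored;
    # bcrypt() croaks if $stored is not a bcrypt string (e.g. a legacy apr1 hash).
    my $got = eval { bcrypt(encode('UTF-8', $candidate), $stored) };
    return 0 unless defined $got && length($got) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($got) - 1;
    return $diff == 0 ? 1 : 0;
}

1;
```

Because each call draws a new salt, storing the same password twice yields two different strings, so a login must go through check_password rather than comparing a freshly hashed value with the stored one.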
