Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

configure encryption


Reply


5 Posts   1374 Views

Avatar
splatEric

Community Member, 15 Posts

1 October 2010 at 12:35am

Hi,

I've been trying to turn on password encryption for users, but have been having no luck - passwords are still being stored in my db in plaintext. I put the following in _config.php

Security::encrypt_passwords(true);

further digging revealed that is deprecated in 2.4 ... but i have been struggling to find docs to say what I should be doing instead. If anyone could advise me, it would be greatly appreciated!

cheers

Mike

Avatar
simon_w

Forum Moderator, 474 Posts

1 October 2010 at 1:02am

Passwords should be encrypted by default. If they're not, try adding

Security::set_password_encryption_algorithm('sha1_v2.4');

to your _config.

You can encrypt all the current plaintext passwords by running http://your-site/dev/tasks/EncryptAllPasswordsTask

Avatar
splatEric

Community Member, 15 Posts

1 October 2010 at 1:07am

Thanks for the reply, unfortunately I've tried what you've suggested and it doesn't seem to have had any impact. I added a new member afterward (through the admin cms) and the password was still stored in plaintext.

I have got default admin user set up ... would that have any impact?

Avatar
simon_w

Forum Moderator, 474 Posts

1 October 2010 at 1:09am

If you're using 2.4.0 (or 2.4.1 IIRC), then that is a problem. There was a slight bug that caused the default admin to use plaintext passwords.

Avatar
splatEric

Community Member, 15 Posts

1 October 2010 at 3:23am

d'oh! Now I feel stupid :-(

thanks for the tip, sorted that problem now!

M