22993 Posts in 11829 Topics by 2827 members
|Go to End|
11 November 2010 at 6:03am
Is it possible to decrypt the member password in order to push it to anther system such as webstore?
11 November 2010 at 12:28pm
No, that would defeat the purpose
11 November 2010 at 6:11pm
You can turn off encryption and store the passwords in plaintext... But obviously that comes with potential issues. You need to set Security::$encryptPasswords to FALSE
12 November 2010 at 2:42am
But that won't decrypt existing passwords will it?
12 November 2010 at 5:33am
No it won't decrypt existing passwords.
The passwords aren't actually encrypted (in a way that can be decrypted). The values in the DB are a (salted) hash of the original password. A hash like this is a one-way route, there's no way to go from a hash-value back to the password (except maybe brute-force but that could take years to figure out a password and there are potentially several passwords that result in the same hash).
So in short: If you have hash-values in the DB (the SilverStripe default), then there's no way to transform them into plain-text passwords.
12 November 2010 at 11:00am
Okay, thanks. Looks like its plan B use the member info to populate an external registration page. That way they only need to fill in the password section.
I guess just like stock once your password is salted it can't be unsalted
16 November 2010 at 5:22am
One possible solution for you could be to use the silverstripe database for the authentication to your webstore. If a shared authentication is what you're after that is.
That way a regenerated password on the site would immidiately work also to log in to your webstore.
If you use the default hashing in silverstripe I guess you got SHA algorithm with a salt. Both the algorithm and salt are found in the Member record if you need to use them in your custom authentication on the external system.
|Go to Top|