Jump to:

4873 Posts in 7139 Topics by 1471 members

Installing SilverStripe

SilverStripe Forums » Installing SilverStripe » configure encryption

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1220 Views
  • splatEric
    Avatar
    Community Member
    15 Posts

    configure encryption Link to this post

    Hi,

    I've been trying to turn on password encryption for users, but have been having no luck - passwords are still being stored in my db in plaintext. I put the following in _config.php

    Security::encrypt_passwords(true);

    further digging revealed that is deprecated in 2.4 ... but i have been struggling to find docs to say what I should be doing instead. If anyone could advise me, it would be greatly appreciated!

    cheers

    Mike

  • simon_w
    Avatar
    Forum Moderator
    467 Posts

    Re: configure encryption Link to this post

    Passwords should be encrypted by default. If they're not, try adding

    Security::set_password_encryption_algorithm('sha1_v2.4');

    to your _config.

    You can encrypt all the current plaintext passwords by running http://your-site/dev/tasks/EncryptAllPasswordsTask

  • splatEric
    Avatar
    Community Member
    15 Posts

    Re: configure encryption Link to this post

    Thanks for the reply, unfortunately I've tried what you've suggested and it doesn't seem to have had any impact. I added a new member afterward (through the admin cms) and the password was still stored in plaintext.

    I have got default admin user set up ... would that have any impact?

  • simon_w
    Avatar
    Forum Moderator
    467 Posts

    Re: configure encryption Link to this post

    If you're using 2.4.0 (or 2.4.1 IIRC), then that is a problem. There was a slight bug that caused the default admin to use plaintext passwords.

  • splatEric
    Avatar
    Community Member
    15 Posts

    Re: configure encryption Link to this post

    d'oh! Now I feel stupid

    thanks for the tip, sorted that problem now!

    M

    1220 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.