Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

A question about password encryption

burlingkburlingk New
edited May 2012 in Vanilla 2.0 - 2.8

I am preparing to create a few web applications. Currently, we have a Vanilla forum set up, and we want to be able to use the same password across the spectrum for all of our services.

I am preparing to write a login screen for the other services (The first one will be a sort of profile page) using Django. I want to use the existing username/password pairs that are stored in the database for Vanilla. To do this I need to know how they are encrypted so that I can do proper comparisons for authentication.

I have started digging through the Vanilla code, but it is a little complicated (the framework doesn't make digging so easy, and I am not great with PHP). :-)

Any suggestions on this topic would be very appreciated.

Even a pointer to which files are involved in authentication would be a help. :)

Answers

  • mcu_hqmcu_hq yippie ki-yay ✭✭✭

    I'm pretty sure that the passwords are hashed. Username is left plain text. Hashing != encryption.

  • burlingkburlingk New
    edited May 2012

    Perhaps "encoded for storage," is a better way of wording it. I am looking at PasswordHash.php now. I am only "rejecting" your answer because I am still digging for info and if someone has more to add, I don't want them to pass over the question because it is marked answered ^^;

  • p.s. Thanks for the response though. :) It was quick.

Sign In or Register to comment.