[Chicago-talk] dancer2 authentication
Chris Hamilton
cjhamil at gmail.com
Tue Aug 11 16:30:41 PDT 2015
I don't use Dancer, but I believe what you're looking for is
Dancer2::Plugin::Passphrase.
https://metacpan.org/pod/Dancer2::Plugin::Passphrase
The important things to do (especially if you opt not to use a plugin) is
to ensure you are using distinct per-user salts and using a strong hashing
algorithm (e.g. bcrypt). You'll store the salt and the bcrypt result in
two columns in your DB. To validate an authentication request from a user
you will take their input, concatenate it with the same salt, bcrypt the
result, and then compare the output to what you have stored. If they
match, the password was correctly entered.
-Chris
On Tue, Aug 11, 2015 at 5:21 PM, <richard at rushlogistics.com> wrote:
> I am using dancer2 and was wondering if someone could point me in the
> direction of code that encrypts a password provided by a user and so that
> it can be stored in a MySQL database and code that would would allow me to
> match a provided password with the stored one when the user wants to log
> back in. Would in be better to use some sort of dancer plugin or just write
> my own code that uses Blowfish and Crypt:CBC? I am hoping that there must
> be some strong existing code out there. Please let me know if you know of
> any or if you have any ideas.
>
> Thanks
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/chicago-talk/attachments/20150811/8b127e75/attachment.html>
More information about the Chicago-talk
mailing list