字preSS和CakePHP的密码散列为SSO [英] Password Hashing for SSO between Wordpress and CakePHP
问题描述
我们有哪些,我们要利用CakePHP的框架,逐步重建一个字preSS站点。我们将逐步替换的单词preSS站点的不同部分,因此,我们需要实现某种形式的单点登录上,允许在时间跨两个框架的授权,而这两个框架都并排跑一边。
We have a Wordpress site which we are going to gradually rebuild using the cakePHP framework. We will replace different parts of the Wordpress site incrementally, so we need to implement some sort of single sign on to allow authorization across both frameworks during the time while both frameworks are running side by side.
我们对如何做到这一点pretty好的策略。总之,我们将复制在两个不同的表中的所有用户行:一个表的Word preSS( wp_users )和不同的表蛋糕(用户)。 [更多信息概述<一href=\"http://stackoverflow.com/questions/15188261/single-sign-on-sso-between-word$p$pss-and-cakephp\">here (如果你有兴趣)。]
We have a pretty good strategy for how to do this. In short, we will duplicate all user rows in two different tables: one table for Wordpress (wp_users) and a different table for Cake (users). [More details outlined here (in case you're interested).]
这意味着,当我们在Word中创建preSS或蛋糕用户,我们创建另一个表相同的用户也是如此。这是大多是无害的...
This means when we create a user in Wordpress or Cake, we create the same user in the other table as well. This is "mostly harmless"...
我们正在努力与Word preSS和蛋糕之间的不同的密码散列策略。为了挽救的相同的两个表中的用户密码,我们需要弄清楚如何散列它使每一个相应的框架,可以检查它。
We are struggling with the different password hashing strategies between Wordpress and Cake. In order to save the same user password in both tables, we need to figure out how to hash it so that each respective framework can check it.
字preSS采用了pretty先进的哈希算法: PHPass 。蛋糕(默认),似乎提供了较传统算法进行选择:SHA1,MD5,河豚......带有可选salting.We're上的Word preSS产生的事实/电子邮件卡默认密码为新用户和然后立即保存在DB哈希版本。该密码哈希的版本是pretty无用的蛋糕,除非我们能弄清楚如何复制所有的话语preSS授权协议(这似乎有点令人生畏的新蛋糕的用户)。
Wordpress uses a pretty advanced hashing algorithm: PHPass. Cake (by default) seems to offer a choice of more traditional algorithms: SHA1, md5, blowfish... with optional salting.We're stuck on the fact that Wordpress generates/emails a default password to new users and then immediately saves a hashed version in the DB. This hashed version of the password is pretty useless to cake, unless we can figure out how to replicate all of the Wordpress authorization protocols (which seems somewhat daunting for new Cake users).
有一种优雅的解决这个问题?
Is there an elegant solution to this problem?
推荐答案
我会建议保持用户的管理的集中在这两种话语preSS或CakePHP的,直到迁移到CakePHP中完成。
I would suggest to keep user management centralised in either Wordpress or CakePHP until the migration to CakePHP is completed.
由于CakePHP的2.3,bcrypt /河豚正式支持的散列密码;
<一href=\"http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords\" rel=\"nofollow\">http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
As of CakePHP 2.3, bcrypt/blowfish is officially supported for hashing passwords; http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
不过,如果你已经有工作的单一登入,为什么不离开密码同步的暂时的?一旦移植到CakePHP是完整的,请考虑以下选项;
However, if you already have your Single-Sign on working, why not leave the password syncing for the time being? Once migration to CakePHP is complete, consider the following options;
- 发送电子邮件至包含一个独特的链接重设密码的所有用户;重置密码将实际的创建的CakePHP中的散列密码,并启用新的帐户。独特的链接应后失效(也确保该链接将在一段时间后过期反正)
- 因为CakePHP的和PHPass都使用bcrypt /河豚,你可以完成迁移时的密码哈希复制到CakePHP的。但是,您将需要determin'如何'PHPass密码和盐存储(不同的字段?用分隔符单场?)。您可能需要编写自己的<一个href=\"http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#creating-custom-authorize-objects\"相对=nofollow>授权对象,将选择合适的'盐'从数据库
- Send an email to all users containing a unique link to reset their password; resetting the password will actually create a hashed password in CakePHP and enable the new account. The unique links should be invalidated after that (also make sure that the link will expire after a certain period anyway)
- Because both CakePHP and PHPass use bcrypt/blowfish, you may be able to copy the hashed passwords to CakePHP when migration is completed. However, you will need to determin 'how' PHPass passwords and salts are stored (separate fields? single field with a delimiter?). You may have to write your own Authorize Object that will pick the right 'salt' from the database
这篇关于字preSS和CakePHP的密码散列为SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
