문제

In yii2,the table structure for the user table does not include a salt column.

 $this->createTable('tbl_user', [
        'id' => Schema::TYPE_PK,
        'username' => Schema::TYPE_STRING . ' NOT NULL',
        'auth_key' => Schema::TYPE_STRING . '(32) NOT NULL',
        'password_hash' => Schema::TYPE_STRING . ' NOT NULL',
        'password_reset_token' => Schema::TYPE_STRING . '(32)',
        'email' => Schema::TYPE_STRING . ' NOT NULL',
        'role' => Schema::TYPE_SMALLINT . ' NOT NULL DEFAULT 10',

        'status' => Schema::TYPE_SMALLINT . ' NOT NULL DEFAULT 10',
        'create_time' => Schema::TYPE_INTEGER.' NOT NULL',
        'update_time' => Schema::TYPE_INTEGER.' NOT NULL',
    ], $tableOptions);

This really make me confused. Although Yii uses a salted hash, its not stored in the database by default. Should i rewrite the code to make it store in the database?What if i do not sore the salt in the database?

도움이 되었습니까?

해결책

This salt, used in Yii2 Security helper doesn't require for storing in db, it is only used for creating password hash, but not need to compare password with hash. So it's pretty secure.

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top