labas GamePage visogero February 2016
Does laravel safe hashes user passwords?
So I'm running one project created with Laravel 5.1 and one guy said to me that passwords are not secure something like hashes don't used etc. But I can clearly see in this function that passwords are bcrypted:
protected function create(array $data)
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
And passwords also stored in DB as bcrypted. Should I be worried about his words?
patricus February 2016
Default Laravel Auth requires passwords to be
bcrypted, as you've shown in your code.
bcrypt is an industry standard one-way password hash and is very good.
If you roll your own authentication, we can't control how you handle your password hashing. But default Laravel Auth is secure.
Jilson Thomas February 2016
If you are not using Laravel's inbuilt Authentication, use Laravel's Hash class.
Hash::make('$data['password']'). But in your case, it looks solid and you don't have to worry about hashing again.
Ralph John Galindo February 2016
You can read
https://laravel.com/docs/5.1/installation#configuration about the Application Key.
Because of bcrypt , you can only decrypt a password where it was encrypted.
I am not saying that it is perfectly safe, but even if someone knows how
bcrypt works, if they don't know the encryption key, they will have a hard time decrypting it.
So make sure to
php artisan key:generate , if you are not using
.env configuration file.
Asked in February 2016
Viewed 3,100 times Voted 14 Answered 3 times
Leave an answer
Quote of the day: live life
Devs Planet © all rights reserved