In a previous post I explained why bCrypt is a good choice for hashing your passwords. In this post I will show were you can hash and check your passwords: in your handlers, in a service layer or in some entity model. When using cbsecurity I will show you why it fits best in your service layer or entity model.
But let’s start with some hashing and checking in a handler. Make sure bcrypt is installed by using commandbox and execute the command:
Let’s say you want to store your password in a db table. Bcrypt has two important methods for hashing and checking called hashPassword()
and checkPassword()
but you have to call them on a bcrypt instance, so you can inject bcrypt in a handler:
property name="bCrypt" inject="BCrypt@BCrypt";
or getting your instance directly by calling getInstance("BCrypt@BCrypt"
). But you don’t have to do this, by installing the module some mixin helpers are created so you can just call bCryptHash()
or bCryptCheck()
. These handy functions will be available in all handlers, views, layouts or even interceptors. So let’s say we want to save a user in some handler it will look like this:
Continue reading
Recent Comments