Retreive from registry.>
(annotation) <#2. Set up database specifc information.>
(annotation) <#3. Secure the password better..>
(annotation) <#4. Set the authentication data.>
For a short function, quite a lot happens! The Zend_Auth_Adapter_DbTable object requires a connection
to the database; fortunately, we stored one in the registry (#1) during the bootstrap startup phase ready for this
sort of situation. After creation, we need to tell the adapter the name of the database table to use and which
Licensed to Menshu You
Please post comments or corrections to the Author Online forum at
http://www.manning-sandbox.com/forum.jspa?forumID=329
fields within that table contain the identity and credentials (#2). In our case, we need the username and
password fields from the users table.
While you can store the password in the database in plain text, it is more secure to store a hash of the
password. A hash can be thought of as a one-way encryption in that it is unique for a given source string, but if
you know the hash, you cannot determine the original string. As this is a common method of storing password
data, websites have sprung up containing thousands of hashes for the two common hash algorithms (MD5 and
SHA1). In order to help prevent reverse engineering should our data fall into the wrong hands, we further
protect our users??™ passwords with a ???salt???.
Pages:
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196