Hello, I'm creating an application and it will have user accounts. I have created a setAttributes functions inside my User model and I use it to pass the input from the register form and save it on db. For example
#Inside my Models/User.php
public function setAttributes($username,$password){
$this->username = $username;
$this->password = Hash::make($password);
}
#Inside my Controllers/Users.php
public function setRegister(){
$user = new User;
$username = Input::get('username');
$password = Input::get('password');
$user->setAttributes($username,$password);
Is this a safe approach, because I'm guessing there a security hole when I pass the variables in the setAttributes method since I'm not hashing the password and I just pass it as a string. Is this a better approach?
#Inside my Models/User.php
public function setAttributes(){
$this->username = Input::get('username');
$this->password = Input::get (Hash::make(('password'));
}
#Inside my Controllers/Users.php
public function setRegister(){
$user = new User;
$user->setAttributes();
Thank you.
Are you asking if there is a security issue with passing plaintext from one piece of code to another? If so, no there isn't. It's only a problem if you either storing it, or passing it as another request or something. A person isn't going to be able to stop your code at that particular point and look at the plaintext password.
Ryuske said:
Are you asking if there is a security issue with passing plaintext from one piece of code to another? If so, no there isn't. It's only a problem if you either storing it, or passing it as another request or something. A person isn't going to be able to stop your code at that particular point and look at the plaintext password.
Thank you for the quick answer, yeah that was my problem, I wasn't sure if the code was visible at that point.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast