Instead of home baking our own password checking mechanisms, we can use DBIx::Class component EncodedColumn. This way, we can remove the column 'salt' of the database, remove superfluous code hashing the password, and simply use what already exists. As another benefit, we can use the
strong Eksblowfish algorithm, which is more secure than the default bcrypt we were using.
xsawyerx
commented
8 years ago
Instead of home baking our own password checking mechanisms, we can use DBIx::Class component EncodedColumn. This way, we can remove the column 'salt' of the database, remove superfluous code hashing the password, and simply use what already exists. As another benefit, we can use the strong Eksblowfish algorithm, which is more secure than the default bcrypt we were using.
This fixes #13.