Symfony / FOSuserBundle:盐为空?
Symfony / FOSuserBundle : salt are null?
我正在使用:
- Symfony 3.4
- FOSUserBundle 2
FOSuserbundle 已经安装好并且运行起来非常棒。我注意到在我的数据库中,在用户 table 中,列 "salt" 始终为空:
以下是我的 security.yml 文件的摘录:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
作为记录,我使用命令 "fos:user:create" 添加了 2 个用户。
这正常吗?
是的,这是正常的,因为使用 bcrypt 盐包含在散列密码中。
参考:https://php.net/manual/password.constants.php#constant.password-bcrypt
salt (string) - to manually provide a salt to use when hashing the
password. Note that this will override and prevent a salt from being
automatically generated.
If omitted, a random salt will be generated by password_hash() for
each password hashed. This is the intended mode of operation and as of
PHP 7.0.0 the salt option has been deprecated.
您可以在 source 中看到行为:
// FOSUserBundle/Util/PasswordUpdater.php [Line 43]
if ($encoder instanceof BCryptPasswordEncoder) {
$user->setSalt(null);
}
我正在使用:
- Symfony 3.4
- FOSUserBundle 2
FOSuserbundle 已经安装好并且运行起来非常棒。我注意到在我的数据库中,在用户 table 中,列 "salt" 始终为空:
以下是我的 security.yml 文件的摘录:
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
作为记录,我使用命令 "fos:user:create" 添加了 2 个用户。
这正常吗?
是的,这是正常的,因为使用 bcrypt 盐包含在散列密码中。
参考:https://php.net/manual/password.constants.php#constant.password-bcrypt
salt (string) - to manually provide a salt to use when hashing the password. Note that this will override and prevent a salt from being automatically generated.
If omitted, a random salt will be generated by password_hash() for each password hashed. This is the intended mode of operation and as of PHP 7.0.0 the salt option has been deprecated.
您可以在 source 中看到行为:
// FOSUserBundle/Util/PasswordUpdater.php [Line 43]
if ($encoder instanceof BCryptPasswordEncoder) {
$user->setSalt(null);
}