NAME
Password::OWASP::AbstractBase - Abstract base class to implement OWASP password recommendations
VERSION
version 0.004
SYNOPSIS
package Password::OWASP::MyThing;
use Moose;
with 'Password::OWASP::AbstractBase';
# You need to implement this method
sub crypt_password {
...;
}
DESCRIPTION
An abstract base class for modules that want to implement OWASP recommendations for password storage.
This class implements the following methods and attributes.
ATTRIBUTES
- hashing
-
An enumeration of
sha1
,sha256
,sha512
. The latter is the default. This is used for the "hash_password" in Password::OWASP::AbstractBase function. - update_method
-
A code ref to update the password in your given store. The first argument is the password that needs to be stored. Setting this value will also enable you to update the password via "update_password" in Password::OWASP::AbstractBase.
METHODS
check_password
Check the user password, returns true or false depending on the correctness of the password. The password needs to be in a RFC2307 format.
check_legacy_password
Check the password against the former password scheme, assuming it isn't a password scheme that is understood by Authen::Passphrase and the password isn't hashed before it was stored.
In case the "update_method" in Password::OWASP::AbstractBase was provided, the password is updated in place.
update_password
Update the password if "update_method" in Password::OWASP::AbstractBase was provided.
hash_password
Hash the password with the given sha.
SEE ALSO
AUTHOR
Wesley Schwengle <waterkip@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2019 by Wesley Schwengle.
This is free software, licensed under:
The (three-clause) BSD License