in reply to How is Catalyst storing my password salts??

You haven't said whether you use the salted_hash option or not. This bug report claims that the password salt for the "normal" hash implementation is stored in a config file or passed in via the constructor.

Replies are listed 'Best First'.
Re^2: How is Catalyst storing my password salts??
by falseazure (Acolyte) on Feb 02, 2011 at 06:28 UTC
    Thanks this is helpful. It mentions a couple of options to look into. I was not using and had not heard of salted_hash but I will look into it. Someone in the bug report thread said it uses Crypt::SaltedHash which creates a salt for each user from a function of the username, which makes sense to me. Or I might check out this bcrypt from Authen::Passphrase.
[reply]

In Section Seekers of Perl Wisdom