Forums / Cotonti / Development / Genoa improved security

password storage in database hash

GHengeveld
#34739 2012-06-22 07:55

Your code seems acceptable for Genoa. I'm not a big fan of the user_salted column, since you wouldn't want to let a hacker know whether the password is salted or not (even though a hacker could find out by reading the open-source code). Assigning the value of this column to a tpl tag doesn't seem like a useful or secure addition either. Anyway, it's more or less what we had in mind.

For readability I think some variable names should be changed (e.g. $newspass, 'psalt'). It's consistent with the terrible variable naming practices of Genoa though.

I'm assuming your //2basix comments are meant to indicate where your changes are. Don't expect them to be in the final code. Cotonti is a team effort, we don't claim individual 'ownership' of any pieces of code. Modules and plugins are a different story.

Added 2 minutes later:

#34738 ez:

The salt value can be anything you want, e.g. '12AB#'

I suggest a salt of at least 20 random characters.
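The thread's two points (a per-user salt of at least 20 random characters, and no separate user_salted flag that advertises which rows are salted) as a worked example. This is added illustration, not code from the Cotonti/Genoa tree or from the posters' patch. Column names (user_password, user_passsalt), the PBKDF2 parameters and the assumption that legacy rows hold an unsalted md5 hash are mine, not Genoa's schema.

```php
<?php
// Added example, not Cotonti code: salted password storage with transparent
// upgrade of legacy rows at login. Assumptions: legacy rows hold an unsalted
// md5() hash with an empty salt; column names are hypothetical.

const SALT_BYTES = 18;             // 18 random bytes -> 24 base64 chars, above the 20 suggested
const PBKDF2_ITERATIONS = 100000;  // cost factor for the KDF, tune to your hardware

// Generate a per-user salt from a CSPRNG; never a fixed string like '12AB#'.
function generate_salt(): string
{
    return base64_encode(random_bytes(SALT_BYTES));
}

// Derive the stored hash from password + per-user salt with PBKDF2-SHA256.
// A slow KDF, rather than md5($salt . $password), is what makes the salt worth having.
function hash_password(string $password, string $salt): string
{
    return hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 64);
}

// Registration or password change: always a fresh salt.
function set_password(array &$user, string $password): void
{
    $user['user_passsalt'] = generate_salt();
    $user['user_password'] = hash_password($password, $user['user_passsalt']);
}

// Login check. A legacy row is recognised by its empty salt, so no
// user_salted column (and no template tag exposing it) is needed.
// On a successful legacy login the row is re-hashed in place; the caller
// writes $user back to the database.
function verify_and_upgrade(array &$user, string $password): bool
{
    if ($user['user_passsalt'] === '') {
        // Legacy unsalted md5 hash (assumed scheme); constant-time compare
        if (!hash_equals($user['user_password'], md5($password))) {
            return false;
        }
        set_password($user, $password);
        return true;
    }
    $candidate = hash_password($password, $user['user_passsalt']);
    return hash_equals($user['user_password'], $candidate);
}

// Constructed demo row: a legacy account whose password is 'hunter2'.
$user = [
    'user_name'     => 'demo',
    'user_password' => md5('hunter2'),
    'user_passsalt' => '',
];

var_dump(verify_and_upgrade($user, 'wrong'));          // rejected, row untouched
var_dump(verify_and_upgrade($user, 'hunter2'));        // accepted, row now salted and PBKDF2-hashed
var_dump(strlen($user['user_passsalt']) >= 20);
var_dump(verify_and_upgrade($user, 'hunter2'));        // accepted against the new hash
var_dump(verify_and_upgrade($user, 'wrong'));          // still rejected
```

The explicit salt column mirrors what the thread's patch proposes. On PHP 5.5 and later, password_hash() and password_verify() generate and store the salt inside the hash string themselves, which removes the separate column entirely; either way the salt should come from random_bytes() or an equivalent CSPRNG, and comparisons should use hash_equals() rather than ==.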