[PHPBB3-12307] Password hashing library

XML

Word

Printable

Details

Type: Improvement
Status: Closed (View Workflow)
Priority: Minor
Resolution: Invalid
Affects Version/s: 3.1.0-b1
Fix Version/s: 3.1.0-b2, 3.2.0-a1
Component/s: Authentication, Login
Labels:
None

Description

Looking in phpbb/auth/provider/db.php it does a lot of things manually with the password such as hashing and converting when needed. All that functionality can be deprecated with the use of https://github.com/ircmaxell/password_compat which is a compatibility library which implements PHP 5.5's new password_* functions. See http://ca1.php.net/manual/en/book.password.php The library should be conditionally included if the core functions are not available.

This should be the preferred way of handling user passwords in a secure and future proof way.

Attachments

Activity

People

Assignee:: Andreas Fischer [X] (Inactive)

Reporter:: joelk2 [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 26/Mar/14 3:31 PM

Updated:: 26/Mar/14 8:31 PM

Resolved:: 26/Mar/14 8:31 PM