summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/libraries
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-03-11 17:57:00 +0100
committerAndrey Andreev <narf@devilix.net>2015-03-11 17:57:00 +0100
commit4fa5c4d30057525c9d16cf583aabbb5e6f8bb8bb (patch)
treeb76cde9229ebbc814cf4d6b0e3b6d6786ab1d696 /user_guide_src/source/libraries
parent0b1fd2cb717d217278b025e49d97819289600a9b (diff)
[ci skip] Add a note about password storage in CI_Encryption docs
I saw at least 2 occurrences of encryption instead of hashing being used for password storage during the past week ...
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r--user_guide_src/source/libraries/encryption.rst5
1 files changed, 5 insertions, 0 deletions
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 5f0979da7..0c347604c 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -2,6 +2,11 @@
Encryption Library
##################
+.. important:: DO NOT use this or any other *encryption* library for
+ user password storage! Passwords must be *hashed* instead, and you
+ should do that via PHP's own `Password Hashing extension
+ <http://php.net/password>`_.
+
The Encryption Library provides two-way data encryption. To do so in
a cryptographically secure way, it utilizes PHP extensions that are
unfortunately not always available on all systems.