diff options
author | Andrey Andreev <narf@devilix.net> | 2015-03-11 17:57:00 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-03-11 17:57:00 +0100 |
commit | 4fa5c4d30057525c9d16cf583aabbb5e6f8bb8bb (patch) | |
tree | b76cde9229ebbc814cf4d6b0e3b6d6786ab1d696 /user_guide_src/source/libraries | |
parent | 0b1fd2cb717d217278b025e49d97819289600a9b (diff) |
[ci skip] Add a note about password storage in CI_Encryption docs
I saw at least 2 occurrences of encryption instead of hashing
being used for password storage during the past week ...
Diffstat (limited to 'user_guide_src/source/libraries')
-rw-r--r-- | user_guide_src/source/libraries/encryption.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 5f0979da7..0c347604c 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -2,6 +2,11 @@ Encryption Library ################## +.. important:: DO NOT use this or any other *encryption* library for + user password storage! Passwords must be *hashed* instead, and you + should do that via PHP's own `Password Hashing extension + <http://php.net/password>`_. + The Encryption Library provides two-way data encryption. To do so in a cryptographically secure way, it utilizes PHP extensions that are unfortunately not always available on all systems. |