From 4fa5c4d30057525c9d16cf583aabbb5e6f8bb8bb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 11 Mar 2015 18:57:00 +0200 Subject: [ci skip] Add a note about password storage in CI_Encryption docs I saw at least 2 occurrences of encryption instead of hashing being used for password storage during the past week ... --- user_guide_src/source/libraries/encryption.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'user_guide_src/source/libraries') diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 5f0979da7..0c347604c 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -2,6 +2,11 @@ Encryption Library ################## +.. important:: DO NOT use this or any other *encryption* library for + user password storage! Passwords must be *hashed* instead, and you + should do that via PHP's own `Password Hashing extension + `_. + The Encryption Library provides two-way data encryption. To do so in a cryptographically secure way, it utilizes PHP extensions that are unfortunately not always available on all systems. -- cgit v1.2.3-24-g4f1b
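Review bot: In the added `.. important::` block, the hyperlink "Password Hashing extension" ends in `_` with no visible `<URL>` target as the patch appears here. Confirm the target is present in the .rst source, otherwise the rendered note points nowhere. The note would also be more actionable if it named the functions to use, `password_hash()` and `password_verify()`, and gave the reason in one clause: data encrypted with this library can be decrypted by anyone holding the key, so a leaked key exposes every stored password, while a password hash is one-way.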