Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve security #131

Open
GoldenChaos opened this issue May 31, 2018 · 1 comment
Open

Improve security #131

GoldenChaos opened this issue May 31, 2018 · 1 comment
Assignees
@Pysis868
Labels
enhancement
Milestone
0.7

Comments

@GoldenChaos
Copy link

@Pysis868's notes from Trello:

I think it's recommended to put a moderate effort into account data.
Let's think about adding salts/peppers and using good libraries and settings like bcrypt and iterations/usage amount if PHP isn't already handling this well enough for us as it is.
@GoldenChaos GoldenChaos added this to the 0.7 milestone May 31, 2018
@mattswatson
Copy link
Contributor

The password_hash function we use already uses an automatically generated salt and bcrypt, so I'm not too worried about that. It might be worthwhile double checking for things like SQL injection and XSS attacks, but I don't expect either of these to be of too much worry (SQL injection should definitely be handled so long as we're using MySQLi properly everywhere).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Pysis868 Pysis868

Labels
enhancement
Projects
None yet
Milestone
0.7
Development

No branches or pull requests
3 participants
@GoldenChaos @Pysis868 @mattswatson