Tingle icon indicating copy to clipboard operation
Tingle copied to clipboard

Published 20 hours ago verified publisher icon Zelda-Universe

Improve security

Open GoldenChaos opened this issue 6 years ago • 1 comments

@Pysis868's notes from Trello:

I think it's recommended to put a moderate effort into account data. Let's think about adding salts/peppers and using good libraries and settings like bcrypt and iterations/usage amount if PHP isn't already handling this well enough for us as it is.

GoldenChaos avatar May 31 '18 16:05 GoldenChaos

The password_hash function we use already uses an automatically generated salt and bcrypt, so I'm not too worried about that. It might be worthwhile double checking for things like SQL injection and XSS attacks, but I don't expect either of these to be of too much worry (SQL injection should definitely be handled so long as we're using MySQLi properly everywhere).

mattswatson avatar Aug 05 '21 13:08 mattswatson