tobil4sk

Results 366 comments of tobil4sk

It would be good to come back to this, MD5 really shouldn't be used anymore. This should be considered a major security concern for the Haxe ecosystem, especially as it...

Instead of forcing everyone to reset their passwords, we could temporarily rehash the existing passwords with a new algorithm and then update them properly when the user next logs in:...

I don't really see the point in having a transition period like that. There would be no extra security provided by the other hash during this period, as cracking the...

> Once a user has their new password hash stored in the DB, the old md5 wouldn't be used anymore.

That's possible to do with the plan I sent above,...

> I think the conclusion is that we need hashing on both client side and server side.

I really don't see the benefit of hashing on both the client and...

In #564, I implemented the gradual migration to argon2id as I described. If we were to hash on the client as well (which I personally still oppose), we'll probably need...

@Simn Check again ;)

It's just because we have an entire copy of the pcre library within `include/pcre`, so updating to pcre2 requires updating all these files. I think the reasoning behind this has...

And yes, the files were reorganised with pcre2 as far as I can tell. This is the documentation file that describes how to build pcre2 on Windows which I followed: https://github.com/PCRE2Project/pcre2/blob/master/NON-AUTOTOOLS-BUILD

Ah, I wasn't aware of that. We should probably just mark the entire `include` directory, although that might be outside the scope of this PR.