• neo (he/him)OPA
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    1
    ·
    11 months ago

    For context, this guy has a history of being dismissive of legitimate security concerns like using unsalted md5 passwords

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      arrow-up
      3
      ·
      11 months ago

      Yikes, that is embarassing.

      Is opencart written in PHP? Bcrypt has been a thing for decades now, and is literally a drop in replacement that handles salting et al. If the developer was hesitant to implement that, I’d rather go use Magento or shudder Shopify

      • Zikeji@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        One of the first things I did when I took over an old php project was convert to bcrypt and add logic to automatically upgrade the hash on their next login (and in case you’re wondering, we also removed the old insurance hashes and the upgrade logic after a while, forcing remaining users to do a password reset).