• neo (he/him) OPA · 38 up / 1 down · 1 year ago

    For context, this guy has a history of being dismissive of legitimate security concerns like using unsalted md5 passwords

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one · 3 up · 1 year ago

      Yikes, that is embarrassing.

      Is opencart written in PHP? Bcrypt has been a thing for decades now, and is literally a drop-in replacement that handles salting et al. If the developer was hesitant to implement that, I’d rather go use Magento or (shudder) Shopify.

      • Zikeji@programming.dev · 2 up · 1 year ago

        One of the first things I did when I took over an old PHP project was convert to bcrypt and add logic to automatically upgrade the hash on their next login (and in case you’re wondering, we also removed the old insecure hashes and the upgrade logic after a while, forcing remaining users to do a password reset).
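The upgrade-on-next-login approach described in the comment above, as an added example that is not code from the thread or from any project mentioned in it. It assumes a legacy store of unsalted 32-hex MD5 hashes and uses PHP's built-in `password_hash` / `password_verify` / `password_needs_rehash`; the `$users` array is constructed sample data standing in for a database table.

```php
<?php
declare(strict_types=1);

// Constructed sample rows: one legacy unsalted-MD5 user, one already on bcrypt.
$users = [
    'alice' => ['hash' => md5('correct horse')],                            // legacy
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_BCRYPT)], // modern
];

/** A legacy hash is 32 lowercase hex chars; bcrypt hashes start with "$2y$". */
function isLegacyMd5(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
}

/**
 * Verify a login. If the stored hash is legacy MD5, or bcrypt with an
 * outdated cost, replace it with a fresh bcrypt hash while the plaintext
 * is in hand. Returns true only when the password is correct.
 */
function loginAndUpgrade(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored  = $users[$username]['hash'];
    $options = ['cost' => 12]; // raise over time as hardware gets faster

    if (isLegacyMd5($stored)) {
        // Constant-time compare of the legacy digest, then rehash on success.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        $users[$username]['hash'] = password_hash($password, PASSWORD_BCRYPT, $options);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Transparently bump bcrypt hashes created with a weaker cost factor.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $options)) {
        $users[$username]['hash'] = password_hash($password, PASSWORD_BCRYPT, $options);
    }
    return true;
}

var_dump(loginAndUpgrade($users, 'alice', 'correct horse')); // true; alice is now bcrypt
var_dump(isLegacyMd5($users['alice']['hash']));              // false
var_dump(loginAndUpgrade($users, 'alice', 'wrong'));         // false
```

Once the legacy branch has not fired for long enough, the remaining MD5 rows can be nulled out and those users forced through a password reset, as the comment describes, so the weak digests do not linger in the table indefinitely.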