Feature #71739

Security Improvement: (salted) hash session id before storing in the database

Added by Helmut Hummel over 5 years ago. Updated over 2 years ago.

Status:
Accepted
Priority:
Should have
Assignee:
-
Category:
Security
Start date:
2015-11-20
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
security
Complexity:
Sprint Focus:

Description

To make it harder to exploit read SQL injections, session id should not be stored in "clear text"

Besides that all other similar hashes (e.g. password reset hash) should be treated in the same way

#1

Updated by Helmut Hummel almost 5 years ago

  • Tags set to security
#2

Updated by Helmut Hummel almost 5 years ago

  • Category set to Security
#3

Updated by Riccardo De Contardi about 4 years ago

  • Target version changed from 8 LTS to 9.0
#4

Updated by Susanne Moog over 3 years ago

  • Target version changed from 9.0 to 9 LTS
#5

Updated by Susanne Moog over 2 years ago

  • Target version changed from 9 LTS to Candidate for Major Version

Also available in: Atom PDF