Project

General

Profile

Actions
Copy link

Feature #71739

closed

Security Improvement: (salted) hash session id before storing in the database

Added by Helmut Hummel over 8 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Candidate for Major Version
Start date:
2015-11-20
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
security
Complexity:
Sprint Focus:

Description

To make it harder to exploit read SQL injections, session id should not be stored in "clear text"

Besides that all other similar hashes (e.g. password reset hash) should be treated in the same way

Actions
Copy link

Also available in: Atom PDF