On Fri, Jan 29, 2021 at 3:45 PM Jesse Rushlow <j...@rushlow.dev> wrote:
> However having a third param to password_verify(), that is false by > default, that would allow for > an exception to be thrown in the event of an unknown algo / bad hash might > be a better path forward and would be totally beneficial in my opinion. > Gonna be the usual person saying: let's not clutter functions with more behavior than what's needed :-) If you need to validate a hash for being "well formed" rather than "matching", then write a separate function dedicated to that, rather than increasing the complexity of a pre-existing symbol. Marco Pivetta http://twitter.com/Ocramius http://ocramius.github.com/
