On 06/27/2012 07:16 AM, Anthony Ferrara wrote:
Arvids,
On Wed, Jun 27, 2012 at 9:23 AM, Arvids Godjuks
<arvids.godj...@gmail.com> wrote:
Hello.
I personally think that using PASSWORD_DEFAULT for algorithm by default is a
bad idea. This should be defined by user in the code. Even worse if it is
defined by .ini setting - deploy to a remote server and realize that there
is a different .ini default that messes up everything. Lessons learned in
the past are forgotten fast?
It wouldn't mess up anything. All it would do is change the algorithm
used by the library when creating new passwords. Existing ones will
still validate. The new ones will validate on the old server as long
as that algorithm is supported (could be an issue in a mixed
environment where there are servers using an older version without
support for the new method in crypt())...
Hi Anthony,
Can you update the RFC (aka future documentation) and make this obvious
to an end user?
Chris
--
christopher.jo...@oracle.com
http://twitter.com/#!/ghrd
--
PHP Internals - PHP Runtime Development Mailing List
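Added example, not part of the original thread or the RFC: a PHP sketch of the behaviour discussed above, where verification depends on the algorithm recorded in the stored hash and a mixed fleet is checked before the algorithm for new hashes changes. The helper names and the `$fleet` capability map are hypothetical, and it assumes a PHP build that provides the `password_*` functions.

```php
<?php
// Added illustration. hash_scheme(), servers_unable_to_verify() and $fleet
// are hypothetical names, not part of PHP or the RFC.

// Extract the crypt()-style identifier from a stored hash, e.g. "2y" for bcrypt.
function hash_scheme(string $hash): ?string
{
    return preg_match('/^\$([a-z0-9]+)\$/', $hash, $m) ? $m[1] : null;
}

// List the servers whose crypt() support does not cover this hash.
function servers_unable_to_verify(string $hash, array $fleet): array
{
    $scheme = hash_scheme($hash);
    $unable = [];
    foreach ($fleet as $server => $supported) {
        if ($scheme === null || !in_array($scheme, $supported, true)) {
            $unable[] = $server;
        }
    }
    return $unable;
}

// Constructed fleet: the older server only supports bcrypt.
$fleet = [
    'web-new' => ['2y', 'argon2i', 'argon2id'],
    'web-old' => ['2y'],
];

$password = 'correct horse battery staple'; // constructed sample input

// Hashes as they would be stored under different algorithm choices.
$stored = [
    'bcrypt'  => password_hash($password, PASSWORD_BCRYPT),
    'default' => password_hash($password, PASSWORD_DEFAULT),
];
if (defined('PASSWORD_ARGON2ID')) { // only on builds compiled with Argon2
    $stored['argon2id'] = password_hash($password, PASSWORD_ARGON2ID);
}

foreach ($stored as $label => $hash) {
    // password_verify() reads algorithm and cost from the hash itself,
    // so the result does not depend on the current default.
    $ok = password_verify($password, $hash);
    $unable = servers_unable_to_verify($hash, $fleet);
    printf("%-9s scheme=%-9s verifies here=%s cannot verify on: %s\n",
        $label, hash_scheme($hash), var_export($ok, true),
        $unable ? implode(', ', $unable) : '(none)');
}
```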