> On 31 Mar 2015, at 21:32, Christoph Becker <cmbecke...@gmx.de> wrote:
> 
> Nicolas Oelgart wrote:
> 
>>> On 31 Mar 2015, at 20:49, Anthony Ferrara <ircmax...@gmail.com> wrote:
>>> 
>>> So I'd like to hear your thoughts about raising E_DEPRECATED when the
>>> salt option is specified in 7.0, with ultimately removing the option
>>> in a later version.
>> 
>> +1
>> 
>> I'd even go as far as adding a big red warning about custom salts to the 
>> manual page. 
> 
> FWIW, there is already the following note:
> 
> | Caution It is strongly recommended that you do not generate your own
> | salt for this function. It will create a secure salt automatically
> | for you if you do not specify one.
> 
> -- 
> Christoph M. Becker
> 

Yeah, I’m aware. But I don’t think it’s enough. I’d suggest moving it further 
to the top, and making it red. As Anthony’s research shows, the current note is 
not enough. People are still doing it wrong.

—
Nico
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
