[OWASP_PHPSEC] Is storing static salt in database a good idea ?

Abbas Naderi abiusx at owasp.org
Tue Sep 3 11:32:50 UTC 2013


Yes
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 3, 2013, at 6:12 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:

> On Mon, Sep 2, 2013 at 9:47 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> Hi Shivam,
> Good point.
> We need to move the static salt to the library as a static confidential string object.
> Thanks
> -Abbas
> 
>  
> Hello Abbas,
> 
> Shall I file an issue on github for this problem also ?
> 
> Cheers,
> Shivam

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130903/322e47bf/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list