There are two sides to this review: Security & Style.
## Style:
- Directly return `$hash` instead of assigning it.
- The string concatenation can be improved into:

```php
public static function makeSafe($password)
{
    $salt = "mySalt";
    // Interpolate salt and password into one string; note the literal "." between
    // them is part of the hashed input.
    return hash("sha256", "{$salt}.{$password}");
}
```
## Security:
When using a fixed salt, if they managed to break the compilation of the code and retrieve the plaintext salt, it would render the encrypted password down to a matching of common hashes.
Use a different salt for each user (make a random integer, more than 10 digits even), and store the salt beside the password inside the database.
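The per-user salt scheme the answer recommends, as an added example that is not part of the original answer: each user gets a fresh random salt from `random_bytes()`, the salt is stored in the same row as the hash, and verification recomputes the hash with the stored salt. The `$db` array, the `users` row layout (`salt`, `hash`) and the function names are assumptions made for this example so it runs without a database.

```php
<?php
// Added example, not the answer's own code.
// Assumed storage: a users table with columns (username, salt, hash);
// the $db array below stands in for that table so the script runs offline.

declare(strict_types=1);

/**
 * Make a fresh random salt for one user. random_bytes() is a CSPRNG;
 * 16 bytes (128 bits) comfortably exceeds the "10 digits" suggested above.
 */
function makeSalt(): string
{
    return bin2hex(random_bytes(16));
}

/** Hash a password together with a given salt (salt prepended, no separator). */
function hashPassword(string $password, string $salt): string
{
    return hash('sha256', $salt . $password);
}

/** Register a user: generate a salt just for them, store salt and hash side by side. */
function registerUser(array &$db, string $username, string $password): void
{
    $salt = makeSalt();
    $db[$username] = [
        'salt' => $salt,
        'hash' => hashPassword($password, $salt),
    ];
}

/**
 * Verify a login: recompute with the stored salt and compare in constant time,
 * so the comparison does not leak how many leading bytes matched.
 */
function verifyUser(array $db, string $username, string $password): bool
{
    if (!isset($db[$username])) {
        return false;
    }
    $row = $db[$username];
    return hash_equals($row['hash'], hashPassword($password, $row['salt']));
}

// Constructed demo data: two users who happen to choose the same password.
$db = [];
registerUser($db, 'alice', 'correct horse');
registerUser($db, 'bob', 'correct horse');

// With per-user salts the two stored hashes differ, so cracking one of them
// (or finding it in a precomputed hash list) tells the attacker nothing about the other.
var_dump($db['alice']['hash'] !== $db['bob']['hash']);

// Normal login flow: correct password verifies, wrong password and unknown user do not.
var_dump(verifyUser($db, 'alice', 'correct horse'));
var_dump(verifyUser($db, 'alice', 'wrong password'));
var_dump(verifyUser($db, 'carol', 'correct horse'));
```

Running the script prints `bool(true)`, `bool(true)`, `bool(false)`, `bool(false)`. The salt is not secret and may sit in plaintext next to the hash; its job is only to make identical passwords hash differently and to defeat precomputed tables. PHP's built-in `password_hash()` / `password_verify()` generate and store a per-user salt in exactly this way, so in new code they are the simpler choice.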