From 41f6bc042cf24527062c75940d547aae299361eb Mon Sep 17 00:00:00 2001 From: FlorianLB Date: Sat, 14 Dec 2013 11:29:16 +0100 Subject: [PATCH 1/2] [security] adding a tip about supported algorithm for 'hash' function --- book/security.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/book/security.rst b/book/security.rst index 49719291d89..e6f09b8a528 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1358,6 +1358,10 @@ the password is simply run through the ``sha1`` algorithm one time and without any extra encoding. You can now calculate the hashed password either programmatically (e.g. ``hash('sha1', 'ryanpass')``) or via some online tool like `functions-online.com`_ +.. tip:: + + Supported algorithms for this method depend on your PHP version. Full list is available calling the PHP method ``hash_algos()``. + If you're creating your users dynamically (and storing them in a database), you can use even tougher hashing algorithms and then rely on an actual password encoder object to help you encode passwords. For example, suppose your User From 6cd751641c5b31032775661b99961c9e7e80f825 Mon Sep 17 00:00:00 2001 From: FlorianLB Date: Sat, 14 Dec 2013 12:47:28 +0100 Subject: [PATCH 2/2] use a phpfunction link + vocabulary change (method -> function) --- book/security.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/book/security.rst b/book/security.rst index e6f09b8a528..81d8c29120f 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1360,7 +1360,8 @@ any extra encoding. You can now calculate the hashed password either programmati .. tip:: - Supported algorithms for this method depend on your PHP version. Full list is available calling the PHP method ``hash_algos()``. + Supported algorithms for this method depend on your PHP version. + A full list is available calling the PHP function :phpfunction:`hash_algos`. If you're creating your users dynamically (and storing them in a database), you can use even tougher hashing algorithms and then rely on an actual password