From a5cb692236c102e287ebfbf8e83efaa58e239f63 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Sat, 21 May 2016 16:34:41 +0200 Subject: [PATCH] Added a note about "encoding vs. hashing" passwords --- book/security.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/book/security.rst b/book/security.rst index acc2f90ad75..d0840794127 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1148,6 +1148,12 @@ is defined by the ``target`` parameter above (e.g. the ``homepage``). Dynamically Encoding a Password ------------------------------- +.. note:: + + For historical reasons, Symfony uses the term *"password encoding"* when it + should really refer to *"password hashing"*. The "encoders" are in fact + `cryptographic hash functions`_. + If, for example, you're storing users in the database, you'll need to encode the users' passwords before inserting them. No matter what algorithm you configure for your user object, the hashed password can always be determined @@ -1319,4 +1325,5 @@ Learn More from the Cookbook .. _`online tool`: https://www.dailycred.com/blog/12/bcrypt-calculator .. _`frameworkextrabundle documentation`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html +.. _`cryptographic hash functions`: https://en.wikipedia.org/wiki/Cryptographic_hash_function .. _`HWIOAuthBundle`: https://github.com/hwi/HWIOAuthBundle
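Review bot: In the first hunk (book/security.rst, @@ -1148), the new note renames the concept but never says why the distinction matters, and the unchanged paragraph right after it still mixes both terms ("you'll need to encode the users' passwords" followed by "the hashed password can always be determined"). Consider adding one clause to the note stating that encoding is reversible while hashing is one-way, so readers do not assume a stored password can be decoded. Also consider adding that the word "encode" in the following paragraphs and in the section title "Dynamically Encoding a Password" means "hash".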
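Review bot: In the second hunk (@@ -1319), the `cryptographic hash functions` target points at the general Wikipedia article, which covers fast general-purpose digests as well. The neighbouring `online tool` entry links to a bcrypt calculator, so this chapter is concerned with password hashing specifically. A reader following the new link could conclude that any cryptographic hash is adequate for storing passwords. Suggest either pointing the link at a reference on password hashing, or keeping this link and qualifying the note text to say the encoders are hash functions intended for passwords, salted and deliberately slow.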