[aur-dev] FS#17109: AUR passwords are not salted
Denis Kobozev
d.v.kobozev at gmail.com
Fri Jun 25 12:34:47 EDT 2010
On Fri, Jun 25, 2010 at 12:11 PM, Linas <linas_fi at ymail.com> wrote:
> Note that your patch is not incremental to mine...
No, it's not. The patch is against the current HEAD in the git repo,
but it should play nicely with yours. The only incompatible change I
introduced is that now you should do salted_hash(md5($password),
$salt)) instead of just salted_hash($password, $salt).
> The query in addsalt() function should have a WHERE Salt IS NULL. That's
> nicer than checking it in php.
Is it faster/more memory efficient/more readable?
Best,
Denis.
More information about the aur-dev
mailing list