htdocs/lib/db/upgrade.php · 5a714bf73796693bf71ffa75fcb89800dc3c0ed3 · mahara / mahara

Add a sitewide salt that isn't in the db · 5a714bf7

Hugh Davenport authored Nov 15, 2011

This salt is used to add an extra layer of salting that
isn't visible from the database. This requires attackers
to obtain both the database, and the config.php file to
get the true salt value that is passed to crypt.

Bug #843568

See http://docs.moodle.org/20/en/Password_salting



Change-Id: Iaa575a4724e387104f9e436c07b336ef8c7ebef5
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
Signed-off-by: Francois Marier <francois@catalyst.net.nz>

5a714bf7