• 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Yikes, that is embarassing.

    Is opencart written in PHP? Bcrypt has been a thing for decades now, and is literally a drop in replacement that handles salting et al. If the developer was hesitant to implement that, I’d rather go use Magento or shudder Shopify

    • Zikeji@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      One of the first things I did when I took over an old php project was convert to bcrypt and add logic to automatically upgrade the hash on their next login (and in case you’re wondering, we also removed the old insurance hashes and the upgrade logic after a while, forcing remaining users to do a password reset).