starred/tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2026-04-26 10:55:56 +03:00
Code Issues 253 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #31] MD5 should not be used for passwords #20

New issue
Closed
opened 2026-03-02 15:55:03 +03:00 by kerem · 4 comments
kerem commented 2026-03-02 15:55:03 +03:00
Owner
Copy link

Originally created by @nickvellios on GitHub (Jan 15, 2018).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/31

MD5 is not encryption and is about as secure as just storing passwords as plaintext. Please use password_hash().

Originally created by @nickvellios on GitHub (Jan 15, 2018). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/31 MD5 is not encryption and is about as secure as just storing passwords as plaintext. Please use password_hash().
kerem 2026-03-02 15:55:03 +03:00
kerem commented 2026-03-02 15:55:04 +03:00
Author
Owner
Copy link

@Tha14 commented on GitHub (Sep 5, 2018):

I second this, using md5 was probably the worst idea...

<!-- gh-comment-id:418616576 --> @Tha14 commented on GitHub (Sep 5, 2018): I second this, using md5 was probably the worst idea...
kerem commented 2026-03-02 15:55:04 +03:00
Author
Owner
Copy link

@prasathmani commented on GitHub (Oct 10, 2018):

MD5 has been removed. 7c9ecf5

<!-- gh-comment-id:428670303 --> @prasathmani commented on GitHub (Oct 10, 2018): MD5 has been removed. 7c9ecf5
kerem commented 2026-03-02 15:55:04 +03:00
Author
Owner
Copy link

@alecos71 commented on GitHub (Oct 13, 2018):

Now the user and pass are in clear text, without any hash checking... use instead password_verify and password_hash...

<!-- gh-comment-id:429536638 --> @alecos71 commented on GitHub (Oct 13, 2018): Now the user and pass are in clear text, without any hash checking... use instead password_verify and password_hash...
kerem commented 2026-03-02 15:55:04 +03:00
Author
Owner
Copy link

@prasathmani commented on GitHub (Oct 16, 2018):

@alecos71 - password_hash() has been implemented. thanks for your suggestion.

<!-- gh-comment-id:430147557 --> @prasathmani commented on GitHub (Oct 16, 2018): @alecos71 - password_hash() has been implemented. thanks for your suggestion.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
prasathmani-patch-1
offline
add-license-1
2.6
2.5.3
2.5.0
2.4.7
2.4.3
2.4.1
2.4.0
2.3.8
2.3.4
2.3
2.2.0
2.0.2
2.0.1
Labels
Clear labels   
Feature

   
Feature

   
Is It Really an Issue?

   
Need More Info

   
Request

   
Security

   
bug

   
duplicate

   
enhancement

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
suggestion

   
wontfix
No labels
Feature
Feature
Is It Really an Issue?
Need More Info
Request
Security
bug
duplicate
enhancement
enhancement
help wanted
invalid
pull-request
question
suggestion
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tinyfilemanager#20
No description provided.