From 98b64cd17c3909bbc5274d999532b911bb35aecd Mon Sep 17 00:00:00 2001
From: Michael Snoyman <michael@snoyman.com>
Date: Sat, 22 Feb 2014 19:21:59 +0200
Subject: [PATCH] Security warnings for Yesod.Auth.HashDB #668

---
 yesod-auth/Yesod/Auth/HashDB.hs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/yesod-auth/Yesod/Auth/HashDB.hs b/yesod-auth/Yesod/Auth/HashDB.hs
index d0509f26..f168c0e0 100644
--- a/yesod-auth/Yesod/Auth/HashDB.hs
+++ b/yesod-auth/Yesod/Auth/HashDB.hs
@@ -18,6 +18,11 @@
 -- Stability   :  Stable
 -- Portability :  Portable
 --
+-- /WARNING/: This module was /not/ designed with security in mind, and is not
+-- suitable for production sites. In the near future, it will likely be either
+-- deprecated or rewritten to have a more secure implementation. For more
+-- information, see: <https://github.com/yesodweb/yesod/issues/668>.
+--
 -- A yesod-auth AuthPlugin designed to look users up in Persist where
 -- their user id's and a salted SHA1 hash of their password is stored.
 --