haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security warnings for Yesod.Auth.HashDB #668

Browse Source
This commit is contained in:
Michael Snoyman 2014-02-22 19:21:59 +02:00
parent 0ab2fc21fd
commit 98b64cd17c
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
yesod-auth/Yesod/Auth/HashDB.hs
View File

@ -18,6 +18,11 @@
-- Stability : Stable -- Stability : Stable
-- Portability : Portable -- Portability : Portable
-- --
-- /WARNING/: This module was /not/ designed with security in mind, and is not
-- suitable for production sites. In the near future, it will likely be either
-- deprecated or rewritten to have a more secure implementation. For more
-- information, see: <https://github.com/yesodweb/yesod/issues/668>.
--
-- A yesod-auth AuthPlugin designed to look users up in Persist where -- A yesod-auth AuthPlugin designed to look users up in Persist where
-- their user id's and a salted SHA1 hash of their password is stored. -- their user id's and a salted SHA1 hash of their password is stored.
-- --