I have looked through the code and found that it is using a hard-coded salt for the password hash: loginsalt.
https://github.com/svenstaro/rust-web-boilerplate/blob/master/src/models/user.rs#L42
https://github.com/svenstaro/rust-web-boilerplate/blob/master/src/models/user.rs#L47
You should consider using a random value here and also saving it alongside your password hash inside the database, much in the same way the bcrypt-rs crate is doing it (https://github.com/Keats/rust-bcrypt/blob/master/src/lib.rs#L115), either by concatenating both and splitting them, or just by saving them in separate columns inside the database.
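The suggestion above (a random salt per user, stored in one column together with the hash and split apart again at login), as an added example that is not part of the original issue or of the project's code. It is written in Python, with PBKDF2-HMAC-SHA256 from the standard library standing in for the project's Rust hash function; the `iterations$salt$hash` record layout, the function names and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000          # assumed PBKDF2-HMAC-SHA256 work factor
MAX_ITERATIONS = 10_000_000   # assumed cap so a corrupt record cannot stall login
FIXED_SALT = b"loginsalt"     # constructed stand-in for the hard-coded salt


def _kdf(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def fixed_salt_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Reported pattern: one salt for every user, so equal passwords
    always produce equal hashes across the whole table."""
    return base64.b64encode(_kdf(password, FIXED_SALT, iterations)).decode()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt$hash' using a fresh 16-byte random salt."""
    salt = secrets.token_bytes(16)
    digest = _kdf(password, salt, iterations)
    # Base64 never contains '$', so the separator is unambiguous.
    return "$".join([
        str(iterations),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(password: str, record: str) -> bool:
    """Split the stored record, recompute with its own salt and
    compare in constant time. Malformed records are rejected."""
    try:
        iter_s, salt_b64, hash_b64 = record.split("$")
        iterations = int(iter_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:
        return False
    if not 0 < iterations <= MAX_ITERATIONS or not salt:
        return False
    return hmac.compare_digest(_kdf(password, salt, iterations), expected)
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing rows.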