Idea: plugin to warn about improperly comparing hashes (sha1, etc)
Opened this issue · 0 comments
TysonAndre commented
For `hash_file`, `md5`, `sha1`, etc.
- Override the return type in the plugin to be `'fake_hash_value_' . $i`
- Warn if using `!=` or `==` instead of `===`. Loose inequality has surprising behaviors. (analyze in PostOrder with that plugin)
- Separately, suggest using `hash_equals` for hashes of sensitive information (passwords)
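
A rough sketch of the check proposed above, as an added example that is not part of the original issue and not Phan plugin code: it uses PHP's built-in tokenizer instead of Phan's AST and flags any statement that contains both a hash call and a loose `==`/`!=`. The function name `findLooseHashComparisons`, the entries in the function list beyond `hash_file`, `md5` and `sha1`, and the sample source are assumptions constructed for illustration.

```php
<?php
// Added illustration. Statement-level heuristic only: it does not track which
// operand of the comparison is the hash, and it treats method calls named
// like a hash function the same as the built-in.
const HASH_FUNCS = ['hash_file', 'md5', 'sha1', 'hash', 'md5_file', 'sha1_file'];

function findLooseHashComparisons(string $source): array
{
    $findings = [];
    $sawHashCall = false;
    $looseOps = [];                       // loose operators seen in this statement
    $tokens = token_get_all($source);
    $count = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok)) {
            if ($tok === ';' || $tok === '{' || $tok === '}') {
                // Statement boundary: report only if a hash call was present.
                if ($sawHashCall) {
                    $findings = array_merge($findings, $looseOps);
                }
                $sawHashCall = false;
                $looseOps = [];
            }
            continue;
        }
        [$id, $text, $line] = $tok;
        if ($id === T_IS_EQUAL || $id === T_IS_NOT_EQUAL) {
            $looseOps[] = ['line' => $line, 'op' => $text];
        } elseif ($id === T_STRING && in_array(strtolower($text), HASH_FUNCS, true)) {
            // Count it as a call only when the next non-whitespace token is '('.
            $j = $i + 1;
            while ($j < $count && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
                $j++;
            }
            $sawHashCall = $sawHashCall || ($j < $count && $tokens[$j] === '(');
        }
    }
    return $findings;
}

// Constructed sample input covering loose, strict and hash_equals comparisons.
$sample = <<<'PHP'
<?php
if (md5($input) == $stored) { grant(); }
if (sha1($a) != sha1($b)) { deny(); }
if (hash_file('sha256', $path) === $expected) { ok(); }
if (hash_equals($stored, md5($input))) { ok(); }
PHP;
foreach (findLooseHashComparisons($sample) as $f) {
    printf("line %d: '%s' on a hash value; use === or hash_equals()\n", $f['line'], $f['op']);
}
```

The loose operators matter because PHP compares two numeric-looking strings as numbers, so hex digests that happen to look like `0e` followed only by digits compare equal under `==` even when the strings differ.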