Idea: plugin to warn about improperly comparing hashes (sha1, etc)

Question

Opened this issue 6 years ago · 0 comments

For hash_file, md5, sha1, etc.

Override the return type in the plugin to be 'fake_hash_value_' . $i
Warn if using != or == instead of ===. Loose inequality has surprising behaviors. (analyze in PostOrder with that plugin)
Separately, suggest using hash_equals for hashes of sensitive information (passwords)