rocklegend-org/website

hardcoded secret in ProfileController

Closed this issue · 2 comments

Is there a reason why this is hardcoded in the file?

https://github.com/rocklegend-org/website/blob/master/app/Http/Controllers/ProfileController.php#L244

Seems this is connected to the JSConnect class. SHA-1 would be better than MD5, but both are still very weak. If possible, we should move to `hash('sha256')`.

Yes, this was used for the Vanilla Forum software a long time ago. It's deprecated and can be kicked out either way.

Is this still relevant?
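
As an added illustration of the two points raised in this thread (it is not code from the rocklegend repository or from Vanilla's jsConnect library), the sketch below loads the shared secret from the environment instead of the controller source and signs the payload with SHA-256. It swaps in HMAC-SHA256 (`hash_hmac`) for the plain `hash('sha256')` of data plus secret suggested above, and compares signatures with `hash_equals`. The environment variable name, function names, and field names are assumptions, and the output is not claimed to match the jsConnect wire format.

```php
<?php
declare(strict_types=1);

// Hypothetical variable name; the issue does not name a configuration key.
const SECRET_ENV = 'JSCONNECT_SECRET';

/** Read the shared secret from the environment rather than from source code. */
function loadSecret(): string
{
    $secret = getenv(SECRET_ENV);
    if ($secret === false || $secret === '') {
        // Fail closed: never fall back to a default baked into the file.
        throw new RuntimeException(SECRET_ENV . ' is not set');
    }
    return $secret;
}

/** Sign the fields in a canonical (key-sorted, URL-encoded) form with HMAC-SHA256. */
function signFields(array $fields, string $secret): string
{
    ksort($fields);
    $canonical = http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
    return hash_hmac('sha256', $canonical, $secret);
}

/** Constant-time comparison, so verification does not leak matching prefixes. */
function verifyFields(array $fields, string $signature, string $secret): bool
{
    return hash_equals(signFields($fields, $secret), $signature);
}

// Constructed sample values, for demonstration only.
putenv(SECRET_ENV . '=constructed-sample-secret');
$secret = loadSecret();
$user = ['uniqueid' => '42', 'name' => 'sample-user', 'email' => 'user@example.test'];

$signature = signFields($user, $secret);
var_dump(verifyFields($user, $signature, $secret));

// Changing any signed field must invalidate the signature.
$tampered = $user;
$tampered['uniqueid'] = '1';
var_dump(verifyFields($tampered, $signature, $secret));
```

Because the original value was committed to a public repository, moving it to the environment only helps if the secret is also rotated.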