Re: crypt() should raise error without 2nd parameter

Date: Thu, 08 Aug 2013 04:44:59 +0000
Subject: Re: crypt() should raise error without 2nd parameter
Groups: php.internals
Hi Hannes,

On Thu, Aug 8, 2013 at 1:22 PM, Hannes Magnusson <[email protected]> wrote:

> On Wed, Aug 7, 2013 at 6:20 PM, Yasuo Ohgaki <[email protected]> wrote:
> > Hi all,
> >
> > It seems there are 2 options for master branch when crypt()'s 2nd parameter
> > is omitted.
> >
> >  - raise E_DEPRECATED that advises use of stronger salt or password_hash()
> >        and make 2nd parameter required for future release.
> >  - make crypt() use stronger default salt/hash w/o error
> >
> > Since password_hash() is supposed to do a better job, first option seems
> > better to me.
>
>
> Deprecating it means it will be removed in the future.
>
> Please leave the function alone. This should be solved with education,
> not a gun to people's head.


This would be a third option.
I agree that good documentation is always good.

E_NOTICE might be better as E_DEPRECATED means obsolete.

I'll write an RFC for voting later. Please comment so that your comments are
in the RFC.

Regards,

--
Yasuo Ohgaki
[email protected]

