Post by ADD Creative » Mon Aug 09, 2021 5:54 pm

It wouldn't be an issue for the master branch as that only works on PHP 8. password_hash has changed for PHP 8 in that it no longer returns false but now throws an exception. For older versions of PHP, you should check password_hash did not return false and don't store it in the database if it did.

www.add-creative.co.uk
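An added example (not part of the post above and not OpenCart's own code) of the check it describes: one wrapper that treats a `false` return on PHP 7 and a thrown exception on PHP 8 the same way, so a failed hash never reaches the database. The names `hash_password_or_fail` and `register_user` and the `$users` array standing in for the customer table are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hash a password or throw; the caller never sees false/null.
 * PHP < 8:  password_hash() reports failure through its return value.
 * PHP >= 8: it throws ValueError (invalid algorithm) or Error (hashing failed).
 */
function hash_password_or_fail(string $password, $algo = PASSWORD_DEFAULT, array $options = []): string
{
    try {
        // @ silences the PHP 7 warning; the return value is checked below
        $hash = @password_hash($password, $algo, $options);
    } catch (\Throwable $e) {
        throw new \RuntimeException('Password hashing failed', 0, $e);
    }
    // password_get_info() reports algoName "unknown" for anything that is not a real hash
    if (!is_string($hash) || password_get_info($hash)['algoName'] === 'unknown') {
        throw new \RuntimeException('Password hashing failed');
    }
    return $hash;
}

/** Hypothetical registration step: $users stands in for the customer table. */
function register_user(array &$users, string $email, string $password): bool
{
    try {
        $hash = hash_password_or_fail($password);
    } catch (\RuntimeException $e) {
        error_log('registration aborted: ' . $e->getMessage());
        return false; // nothing is written when hashing failed
    }
    $users[$email] = $hash;
    return true;
}

// Constructed demo data
$users = [];
var_dump(register_user($users, 'alice@example.test', 'correct horse battery staple'));
var_dump(password_verify('correct horse battery staple', $users['alice@example.test']));
```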



Post by RiugarKaowi » Fri Feb 03, 2023 10:50 pm

OpenCart seems to store passwords using SHA1 with salt in MD5, which is a bit more secure than the outdated and non-compliant MD5 hash used by the website in the news article. However, using an older version of OpenCart such as 1.5x or 2.x might still be considered a security risk and potentially subject to fines if it has known vulnerabilities and is no longer receiving updates. The use of end-of-life PHP versions like 7.2 and older could also potentially be in violation of GDPR if they don't have any more security updates. It's always a good idea to follow the latest security recommendations and guidelines from reliable sources. More about it here https://www.exposit.com/solutions/
