On 26.07.2024, 12:03:53, Gina P. Banyard <intern...@gpb.moe> wrote:

> On Friday, 26 July 2024 at 08:09, Peter Stalman <sarke...@gmail.com>
> wrote:
>
> On Thu, Jul 25, 2024 at 11:35 PM Peter Stalman <sarke...@gmail.com> wrote:
>
>> If their learning insticast
>>
>
> *instincts.
>
> I should also clarify, I'm not against deprecations in general. However,
> the benefits should outweigh the costs. If something is getting
> unmaintainable, no longer supported, inherently insecure etc, those are all
> good reasons. `password_hash` as mentioned was a great addition, and
> should/did solve this very issue. Even someone reading a blog tutorial from
> 11 years ago would be able to see this used properly.
>
> But md5/sha1 are not bad functions, they do *exactly* what they say on the
> box. Being able to do the exact same thing by spelling the function
> slightly differently isn't even deprecating them, just deprecating an
> alias. They're only *bad* if used in a *bad way*, and that to me is not
> enough of a reason.
>
>
> Stephen Rees-Carter, a security expert that has performed countless
> security audits on WordPress and Laravel websites, would like to disagree
> with the fact that it is not enough of a good reason. [1]
> A warning on a documentation page is useless, as nobody is forced to read
> it.
>
> Yet again the PHP community doesn't care about security of its users,
> current and future, and just prefers the convenience of needing to type
> less characters and not go back fix some code for better design.
>
> I am not sure why I was expecting something else, but I guess I am just
> disappointed.
> I suppose we are truly becoming Oracle.
>
> Sincerely,
>
> Gina P. Banyard
>
> [1] https://x.com/valorin/status/1816593881791860963
>

The only thing that removal of these functions would cause is a.) make
people rant about php unnecessarily b.) 99.9% would counter the removal of
these functions by adding this kind of code in their bootstrap, maybe
include a polyfill library via composer.

if (!function_exists('md5')) { function md5($data) { return hash('md5',
$data); }}

