-
- 1 Posts
It would not be too hard to add salted passwords to MODx. An additional database field next for the salt next to the md5 db hash field would do it. If the field is empty, there is no hash. So it is backwards compatible. At least new users and users who change the password would be safer. Fresh MODx installations would be providing more security from the beginning. - Just a suggestion.
We can check when the user logs in, if the salt is set. if not, the password would be encrypted again...
This would work with Evo and Revo.