[ic] For review - new Strap template for Interchange 5

Mike Heins mikeh at endpoint.com
Sat Oct 17 12:18:32 UTC 2015

Quoting Jon Jensen (jon at endpoint.com):
> On Sat, 17 Oct 2015, Peter wrote:
> >1.  Customer and affiliate passwords should be encrypted with
> >bcrypt, not plain text.  I think the time for allowing plain text
> >storage of passwords is long past and IC is perfectly capable of
> >using the current recommendation for this which is bcrypt.
> >
> >2.  Not a strap issue, but admin passwords should also be bcrypt
> >now, not old crypt.
> >
> >To accommodate the above we may need to update KitchenSink to add
> >the modules needed for bcrypt, I'm not sure if they're in
> >KitchenSink at the moment or not.
>
> Good points, Peter.
>
> They're not in either of the bundles now.
>
> We need to add:
>
> Digest::Bcrypt
> Crypt::Random
>
> I don't think I've seen any trouble installing those with various
> versions of Perl and other CPAN modules yet. Although Crypt::Random
> depends on Math::Pari which I vaguely recall being a pain in the
> distant past.
>
> But we don't have any other strong, modern password hashing options
> in Interchange right now, so it seems reasonable to make bcrypt the
> default and include the needed modules.
>
> >There may be a case for changing Bundle::Interchange,
>
> I think so.
>
> Mike, what do you think?

I think it's done! V1.11 is up in CPAN.

Mike Heins
End Point -- Expert Internet Consulting    http://www.endpoint.com/
phone +1.765.253.4194  <mikeh at endpoint.com>

There's nothing sweeter than life nor more precious than time.
-- Barney
