It's been almost a year since the last update. I was wondering whether any of the information is outdated or perhaps some best practices have evolved since last year?
This isn't actually different from 2016, but usually the recommended password hashing algorithms are (in this order) scrypt, bcrypt, and then PBKDF2.
I would personally have the bit about XSS specifically recommend only using escape-by-default templating engines, as well as mentioning that validated user data should be stored as is, and then escaped by the mechanism which displays it (templating engine).
The list should probably recommend using HTTPS for all pages, not just those with sensitive data. This was true in 2016, but is more important now with more features being HTTPS-only, and browsers openly displaying warnings for HTTP sites.
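Added example (not part of the original thread or the checklist it discusses): the store-as-is, escape-on-display point from the comment above, showing what goes wrong when a value is escaped at input time instead. `render_html` is a hypothetical stand-in for an escape-by-default templating engine, and the sample value is constructed.

```python
import html
import json

# Constructed sample: a display name that passed validation but contains
# characters that are significant in HTML.
RAW_NAME = 'Tom & "Jerry" <b>O\'Neil</b>'


def store_escaped(value):
    """Anti-pattern: HTML-escape once at input time and store the result."""
    return html.escape(value, quote=True)


def store_raw(value):
    """Recommended: store the validated value unchanged."""
    return value


def render_html(template, **values):
    """Hypothetical stand-in for an escape-by-default template engine:
    every substituted value is HTML-escaped at render time."""
    safe = {k: html.escape(str(v), quote=True) for k, v in values.items()}
    return template.format(**safe)


def render_json(value):
    """A non-HTML sink: JSON applies its own encoding, not HTML escaping."""
    return json.dumps({"name": value})


def render_text(value):
    """A plain-text sink (for example an e-mail body): no HTML escaping."""
    return "Hello, " + value


if __name__ == "__main__":
    for label, stored in (("raw", store_raw(RAW_NAME)),
                          ("escaped-at-input", store_escaped(RAW_NAME))):
        print(label)
        print("  html:", render_html("<p>{name}</p>", name=stored))
        print("  json:", render_json(stored))
        print("  text:", render_text(stored))
```

With the raw value stored, each sink applies the encoding its own context needs; with the pre-escaped value, the HTML output is double-escaped and the JSON and plain-text outputs carry HTML entities that do not belong there.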