Investigate Mcrypt #1615
Comments
|
The mcrypt extension is used by Slim 2, although is suggested rather than required. Password checking (as you say) uses mcrypt only if the password has not yet been upgraded to the latest method. Removing it would mean that a user must go through the current release to get to the next. |
|
So we could make it suggested but not required (with that caveat)? I believe there's a pure PHP polyfill for it too, which might be a sensible option? |
|
The polyfill makes the most sense I think - we could include that and drop the requirement for the extension as a whole. |
dasgarner
added a commit
to dasgarner/xibo-cms
that referenced
this issue
Sep 5, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
PHP 7.1 deprecates and PHP 7.2 removes the mcrypt module, as it's no longer maintained.
Investigate whether we still need mcrypt, or whether we can reasonably replace it with something else? I believe we used to use it for password hashing, but no longer do (using PHP's own salt/hash mechanism instead) and perhaps it's there for legacy only now?
The text was updated successfully, but these errors were encountered: