Admin-Configurable Salt #3
Description
Banner IDs in SLC are hashed before insertion into the database in order to prevent anyone from being able to track an issue back to a particular person. There is a little bit of security through obscurity going on here and it is not a perfect solution, but in this case we believe it is sufficient.
When this was a private project, this hash was simply defined at the top of slc/inc/defines.php, like so:
define('ENCODE_SALT', 'super duper secret');
Although having the salt doesn't make it a lot easier to reverse these hashes, we prefer to keep it secret and changeable.
Please use PHPWS_Settings to create a setting for this, call it "encode_salt", and make sure to use it in the encode() function in inc/functions.php. Also, there will need to be an addition to the settings interface for SLC where this can be set, only by a deity.
┆Issue is synchronized with this Asana task