Changes between Initial Version and Version 1 of Ticket #21022, comment 63
- Timestamp: 11/09/2015 02:56:28 AM (9 years ago)
Ticket #21022, comment 63
initial v1 4 4 Actually, according to [https://github.com/ircmaxell/password_compat here], it's versions < 5.3.7 and also that haven't had the $2y fix backported into them that are incompatible. Of the servers using PHP 5.3, most will likely be using either >= 5.3.7 or a version with $2y backported into it. 5 5 6 The [https://wordpress.org/about/stats/ stats] show that at the time of writing only 11.2% of Wordpress servers currently use PHP 5.2. The chance of someone moving from a PHP 5. 5 server to a 5.2 server are probably pretty negligible, especially since 5.2 has been past its [http://php.net/eol.php end of support] since the beginning of 2011.6 The [https://wordpress.org/about/stats/ stats] show that at the time of writing only 11.2% of Wordpress servers currently use PHP 5.2. The chance of someone moving from a PHP 5.3.7+ server back to a 5.2 server are probably pretty negligible, especially since 5.2 has been past its [http://php.net/eol.php end of support] since the beginning of 2011, and if changing hosts and given the choice, most people would choose a server with more recent software, not older software. 7 7 8 8 I feel that while '''not''' using bcrypt by default we are throwing the baby out with the bath water. We can easily detect whether the user's PHP is compatible with $2y (see the [https://github.com/ircmaxell/password_compat/blob/master/lib/password.php check function here]), so even if there's a 0.1% chance that someone might migrate from a compatible version to an incompatible version, all we need to do is display a message to users after they have attempted to log in, like this: