Skip to content

[Security] Change "Encode" to "Hash" to avoid any confusion #39698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
TavoNiievez opened this issue Jan 3, 2021 · 4 comments · Fixed by #39802
Closed

[Security] Change "Encode" to "Hash" to avoid any confusion #39698

TavoNiievez opened this issue Jan 3, 2021 · 4 comments · Fixed by #39802
Labels
RFC RFC = Request For Comments (proposals about features that you want to be discussed) Security
Milestone
5.4

Comments

@TavoNiievez
Copy link
Contributor

As mentioned:

@paragonie-scott you are right about this. Symfony should replace "encode" by "hash" everywhere. Sadly we cannot do this now because it will be a nightmare to do that change without breaking anything. I know it's not the same, but the docs now explain this misnaming: http://symfony.com/doc/current/book/security.html#dynamically-encoding-a-password

Originally posted by @javiereguiluz in #17857 (comment)

Encode is an inaccurate term for what is actually done in the security component. Hash is the correct term.

I hope you agree that documenting the use of the term in the Symfony context was a temporary solution.

Symfony 5.4 would be a good time to rename all classes where encode is used and actually hash is done. The use of old names can be deprecated, and then removed in Symfony 6.0
@xabbuh xabbuh added RFC RFC = Request For Comments (proposals about features that you want to be discussed) Security labels Jan 3, 2021
@fabpot
Copy link
Member

fabpot commented Jan 4, 2021

As this is security related, I agree that we must use the right words to avoid any confusion.

@fabpot
Copy link
Member

fabpot commented Jan 4, 2021

Deprecations can happen in 5.3, no need to wait for 5.4.

@fabpot fabpot added this to the 5.x milestone Jan 4, 2021
@TavoNiievez TavoNiievez changed the title Symfony 6 may be the perfect opportunity to change Encode to Hash Change Encode to 'Hash' to avoid any confusion Jan 4, 2021
@TavoNiievez TavoNiievez changed the title Change Encode to 'Hash' to avoid any confusion Change Encode to Hash to avoid any confusion Jan 4, 2021
@derrabus derrabus changed the title Change Encode to Hash to avoid any confusion [Security] Change "Encode" to "Hash" to avoid any confusion Jan 4, 2021
@chalasr
Copy link
Member

chalasr commented Jan 4, 2021

I'm going to take care of this.

@chalasr chalasr mentioned this issue Jan 12, 2021
Merged
@chalasr
Copy link
Member

chalasr commented Jan 12, 2021

Here we go: #39802

This was referenced May 15, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
RFC RFC = Request For Comments (proposals about features that you want to be discussed) Security
Projects
None yet
Milestone
5.4
Development

Successfully merging a pull request may close this issue.

[Security] Extract password hashing from security-core - with proper wording chalasr/symfony
4 participants
@fabpot @xabbuh @chalasr @TavoNiievez