diff options
| author | Chris Cornutt <enygma@phpdeveloper.org> | 2015-07-20 15:28:38 -0500 |
|---|---|---|
| committer | Chris Cornutt <enygma@phpdeveloper.org> | 2015-07-20 15:28:38 -0500 |
| commit | 3864d42c01c08407ec86b1ffd6196b9dfd3a1201 (patch) | |
| tree | 5115ec1a99bbeaf0f8de0cf3047edfe6b677ff92 | |
| parent | 8c3c6b15002ffb246daf7fcc6a4ef6d71f00f086 (diff) | |
| parent | 507030c0f5b33bfc491f272152ef03e8abd658c2 (diff) | |
| download | gatekeeper-3864d42c01c08407ec86b1ffd6196b9dfd3a1201.zip gatekeeper-3864d42c01c08407ec86b1ffd6196b9dfd3a1201.tar.gz gatekeeper-3864d42c01c08407ec86b1ffd6196b9dfd3a1201.tar.bz2 | |
Merge pull request #31 from sdh100shaun/patch-1
Update security-questions.md
| -rw-r--r-- | docs/security-questions.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/security-questions.md b/docs/security-questions.md index 790f275..4721d43 100644 --- a/docs/security-questions.md +++ b/docs/security-questions.md @@ -1,6 +1,6 @@ # Security Questions -Gatekeeper includes the concept of security questions to act as a secondary mechanism for authenticating the user. Instead of trying to provide a set of questions with he installation, the tool only provides the functionality to create and verify +Gatekeeper includes the concept of security questions to act as a secondary mechanism for authenticating the user. Instead of trying to provide a set of questions with the installation, the tool only provides the functionality to create and verify the answers. The answers for the questions are stored as `bcrypt` strings instead of in plain-text to prevent simple exposure if the database is compromised. It currently uses the [password hashing](http://php.net/manual/en/ref.password.php) handling in PHP for hash creation and verification. It evaluates the hashes directly and, as such, the answer is *case sensitive* and must match the answer exactly. |