Comment 9 for bug 843568

Reviewed: https://reviews.mahara.org/855
Committed: http://gitorious.org/mahara/mahara/commit/5a714bf73796693bf71ffa75fcb89800dc3c0ed3
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit 5a714bf73796693bf71ffa75fcb89800dc3c0ed3
Author: Hugh Davenport <email address hidden>
Date: Tue Nov 15 12:52:43 2011 +1300

    Add a sitewide salt that isn't in the db

    This salt is used to add an extra layer of salting that
    isn't visible from the database. This requires attackers
    to obtain both the database, and the config.php file to
    get the true salt value that is passed to crypt.

    Bug #843568

    See http://docs.moodle.org/20/en/Password_salting

    Change-Id: Iaa575a4724e387104f9e436c07b336ef8c7ebef5
    Signed-off-by: Hugh Davenport <email address hidden>
    Signed-off-by: Francois Marier <email address hidden>