8
* Add a salt to password hashes, to prevent dictionary attacks being run against captured hashes.
* Hash passwords simultaneously against 2 hash algorithms, to drastically reduce the chance of finding hash collisions.
* Use a different hash algorithm (Herve's solution :)
* The default password length in XOOPS is too short. Should be longer (this is a trivial change).
* BUNDLE PROTECTOR WITH THE XOOPS CORE DOWNLOAD, AND PRE-CONFIGURE MAINFILE.PHP TO IMPLEMENT THIS MODULE SO THAT NEW USERS DON'T HAVE TO FIGURE ANYTHING OUT.
* I was shouting respectfully and in good humour of course :) but please, can we not abandon this policy of 'no modules bundled with the core' in the interests of the sanity of new users? Please? It makes sense to include Protector, doesn't it? It would take about 5 minutes to do, wouldn't it?
Edit: My suggestions are a bit off base from the context of Herve's initial post, because I didn't read it carefully. Sorry! Anyway, I'll leave it here on the odd chance someone reads it :)
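
Added example, not part of the original post and not XOOPS code: a PHP sketch of the salting and "different hash algorithm" suggestions above, with an upgrade-on-login path for old rows. The legacy format (an unsalted MD5 hex digest) and all function names are assumptions made for illustration.

```php
<?php
// Added illustration. Function names and the legacy MD5 format are
// assumptions, not taken from the XOOPS code base.

// Assumed legacy scheme: unsalted digest. Equal passwords give equal hashes,
// so one precomputed dictionary applies to every captured row.
function legacy_hash(string $password): string
{
    return md5($password);
}

// Salted scheme: password_hash() draws a random salt per call and stores it,
// with the algorithm and cost, inside the returned string.
function salted_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against either stored format.
// Returns [bool $ok, ?string $newHash]; a non-null $newHash should replace
// the stored value, which migrates legacy rows as users log in.
function verify_and_upgrade(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy row: constant-time comparison, then re-hash with a salt.
        $ok = hash_equals($stored, legacy_hash($password));
        return [$ok, $ok ? salted_hash($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Salted row: re-hash only if the default algorithm or cost has moved on.
    $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $stale ? salted_hash($password) : null];
}

// Constructed sample: two accounts that chose the same password.
$pw = 'correct horse battery staple';
// Compare the two rows as they would appear in a captured table, per scheme.
var_dump(legacy_hash($pw) === legacy_hash($pw));
var_dump(salted_hash($pw) === salted_hash($pw));

// A successful login on a legacy row yields a salted replacement hash.
[$ok, $upgraded] = verify_and_upgrade($pw, legacy_hash($pw));
var_dump($ok, $upgraded !== null && password_verify($pw, $upgraded));
// A failed login never triggers an upgrade.
var_dump(verify_and_upgrade('wrong guess', legacy_hash($pw)));
```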