[ic] For review - new Strap template for Interchange 5

Peter peter at pajamian.dhs.org
Sat Oct 17 02:04:29 UTC 2015


On 08/08/2015 12:10 PM, Josh Lavin wrote:
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.
> 
> If you weren't aware, Strap is a new template for IC 5.x, which is
> completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> and includes several improvements, such as SEO-friendly results,
> better gift certs, checkout with usability features, etc (see more in
> the link below).
> 
> In preparation for replacing the old "standard" template for IC, I could
> use some help in reviewing the "strap" template, to ensure it is ready
> for prime-time.

I just got around to having a look at some of the code for this and have
a couple of suggestions:

1.  Customer and affiliate passwords should be encrypted with bcrypt,
not plain text.  I think the time for allowing plain text storage of
passwords is long past and IC is perfectly capable of using the current
recommendation for this which is bcrypt.

2.  Not a strap issue, but admin passwords should also be bcrypt now,
not old crypt.

To accommodate the above we may need to update KitchenSink to add the
modules needed for bcrypt, I'm not sure if they're in KitchenSink at the
moment or not.  There may be a case for changing Bundle::Interchange, I
don't know.

I'll let you know if I come across anything else.


Peter



More information about the interchange-users mailing list