ID: php-security/weak-hash-algorithm
Language: PHP
Severity: Error
Category: Security
CWE: 1240
This rule is set to prevent the use of outdated or weak cryptographic hash functions in your PHP code. Hash functions are a crucial part of many data security operations, including password storage and data integrity checks. However, not all hash functions offer the same level of security.
Weak hash algorithms, such as MD5 or SHA1, are vulnerable to various types of attacks, including collision attacks and preimage attacks. This can potentially lead to unauthorized access to sensitive data, data corruption, or other security breaches.
To adhere to this rule and maintain high levels of security in your PHP applications, it's recommended to use strong, up-to-date hash functions. PHP offers the password_hash() function, which uses a strong hash algorithm (bcrypt by default) and automatically handles the creation of salt values. Alternatively, you can use the hash() function with a strong algorithm such as SHA256 or SHA3.
<?php
// Non-compliant: every call below uses a weak hash algorithm and is flagged by this rule.
$hash = md5($data);
$hash = sha1($data);
$hash = hash('md4', $data);
$hash = hash("md4", $data);
$hash = hash('md2', $data);
$hash = hash('haval128,3', $data);
$hash = hash('haval128,4', $data);
$hash = hash('haval128,5', $data);
$hash = hash('ripemd128', $data);
$hash = hash('ripemd160', $data);
<?php
// Compliant: hash() called with a strong algorithm.
$hash = hash('sha256', $data); // Secure
$hash = hash('sha512', $data); // Secure
$hash = hash('sha3-256', $data); // Secure
$hash = hash('sha3-512', $data); // Secure
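The following is an added example, not part of the rule's documentation: it shows one way to move stored md5() password records to password_hash() at login time, and to use hash() with SHA-256 for an integrity check. The function names, the legacy record format (32 lowercase hex characters) and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names and the legacy storage format are assumptions.
// Verifies a login and upgrades a legacy md5($password) record on success.
// Returns [bool $ok, ?string $replacementHash].
function verifyAndUpgrade(string $password, string $storedHash): array
{
    // Assumed legacy format: 32 lowercase hex characters from md5().
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $storedHash) === 1;

    // The md5() call survives only to check old records during migration.
    $ok = $isLegacyMd5
        ? hash_equals($storedHash, md5($password))
        : password_verify($password, $storedHash);
    if (!$ok) {
        return [false, null];
    }

    // Re-hash legacy records and records whose parameters are out of date.
    if ($isLegacyMd5 || password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [true, null];
}

// Integrity check: SHA-256 via hash(), compared in constant time.
function matchesSha256(string $data, string $expectedHex): bool
{
    return hash_equals(strtolower($expectedHex), hash('sha256', $data));
}

// Constructed sample values, not taken from the page.
$legacyRecord = md5('correct horse battery staple');
[$ok, $newHash] = verifyAndUpgrade('correct horse battery staple', $legacyRecord);
var_dump($ok);
var_dump(password_verify('correct horse battery staple', $newHash));

// A record that is already current verifies without producing a replacement.
[$ok2, $again] = verifyAndUpgrade('correct horse battery staple', $newHash);
var_dump($ok2, $again);

// A wrong password is rejected.
[$bad] = verifyAndUpgrade('wrong guess', $newHash);
var_dump($bad);

var_dump(matchesSha256('release-1.0', hash('sha256', 'release-1.0')));
```

The caller persists the replacement hash when one is returned; once no legacy records remain, the md5() branch can be deleted so the code passes this rule without exceptions.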
For more information, please read the Code Analysis documentation