Contents

= New Features

* A password_pepper feature has been added.  This allows you to use a
  secret key (called a pepper) to append to passwords before hashing
  and hash checking.  Using this approach, if an attacker obtains the
  password hash, it is unusable for cracking unless they can also
  get access to the pepper.

  The password_pepper feature also supports a list of previous peppers
  that can be used to implement secret rotation and to support
  compatibility with unpeppered passwords.

  Rodauth by default uses database functions for password hash
  checking on PostgreSQL, MySQL, and Microsoft SQL Server, which in
  general provides more security than a password pepper, but both
  approaches can be used simultaneously.

* A session_key_prefix configuration method has been added for
  prefixing the values of all default session keys.  This can be
  useful if you are using multiple Rodauth configurations in the same
  application and want to make sure the session keys for the separate
  configurations do not overlap.

Version data entries

33 entries across 33 versions & 1 rubygems

Version	Path
rodauth-2.36.0	doc/release_notes/2.4.0.txt
rodauth-2.34.0	doc/release_notes/2.4.0.txt
rodauth-2.33.0	doc/release_notes/2.4.0.txt
rodauth-2.32.0	doc/release_notes/2.4.0.txt
rodauth-2.31.0	doc/release_notes/2.4.0.txt
rodauth-2.30.0	doc/release_notes/2.4.0.txt
rodauth-2.29.0	doc/release_notes/2.4.0.txt
rodauth-2.28.0	doc/release_notes/2.4.0.txt
rodauth-2.27.0	doc/release_notes/2.4.0.txt
rodauth-2.26.1	doc/release_notes/2.4.0.txt
rodauth-2.26.0	doc/release_notes/2.4.0.txt
rodauth-2.25.0	doc/release_notes/2.4.0.txt
rodauth-2.24.0	doc/release_notes/2.4.0.txt
rodauth-2.23.0	doc/release_notes/2.4.0.txt
rodauth-2.22.0	doc/release_notes/2.4.0.txt
rodauth-2.21.0	doc/release_notes/2.4.0.txt
rodauth-2.20.0	doc/release_notes/2.4.0.txt
rodauth-2.19.0	doc/release_notes/2.4.0.txt
rodauth-2.18.0	doc/release_notes/2.4.0.txt
rodauth-2.17.0	doc/release_notes/2.4.0.txt