first step in making the authorize target work correctly, move check for secure conne...

[authserver.git] / authsystem.inc.php

diff --git a/authsystem.inc.php b/authsystem.inc.php
index 2c98f6dd46ccf1d8f53a0ad023801b1b0c3ee841..8b26e4fa942af7f6dddfd16b4c4d3f5718d9d04b 100644 (file)
--- a/authsystem.inc.php
+++ b/authsystem.inc.php
@@ -3,6 +3,13 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*
+  Some resources for how to store passwords:
+  - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
+  - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
+  oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
+*/
+
 // error reporting (for testing)
 ini_set('display_errors', 1); error_reporting(E_ALL);