Implement weak-password checks. API keys should not be used for user authentication. They should only be used for API client authentication.

CodeIgniter provisions:

- Controller Filters
- spark routes command
- An official authentication and authorization framework CodeIgniter Shield
- Throttler for rate limit...
So you should change the setting to false as soon as possible, and remove the old hashed passwords.

Note: This setting is deprecated. It will be removed in the v1.0.0 official release.

Limitations for the Default Password Handling

By default, Shield uses the hashing algorithm PASSWORD_DEFAULT (see app/...
$supportOldDangerousPassword

In app/Config/Auth.php there is $supportOldDangerousPassword, which is a setting for using passwords stored in older versions of Shield that were vulnerable. This setting is deprecated. If you have this setting set to true, you should change it to false as soon as...