Fixes #165

spec/vulnerabilities/password_hashing_spec.rb

@@ -6,7 +6,7 @@ feature 'improper password hashing' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'with just md5' do
+  scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
     new_pass = 'testpassword'
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
@@ -15,16 +15,4 @@ feature 'improper password hashing' do
     expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
   end
 
-=begin
-  scenario 'with md5 and salt' do
-    pending unless @normal_user.has_attribute?('salt')
-    new_pass = 'testpassword'
-    @normal_user.password = new_pass
-    @normal_user.password_confirmation = new_pass
-    @normal_user.save
-    pending if verifying_fixed?
-    expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password)
-  end
-=end
-
 end