I believe that the original comment thought it was bad because the hashed password is stored alongside the salt. But, in practice this is never really a problem, because if they can get your hash, then the salt is usually always recoverable as well...
This is where some people think they are being clever. Because they think to themselves,
"hey, if I keep the salt secret and don't store the salt in the same table, or in the same field, then I've got awesome security by secrecy".
So all they do is hard code a salt that they reuuse for every hash in their application. Which offers them a lot less security overall for their users.
I have zero problem with storing the salt alongside the hashed password, because in practice, it doesn't make anything less secure.
You quoted me totally out of context (I don't use SHA and you are implying that I do. I didn't spot that in your original paste snippet, and clearly wrongly assumed that you were just referring to the concatenation of hash to salt.)
Nothing that I said was wrong (in fact it's sound advice), so I'm a little shocked at the massive downvotes, your blunt response, followed up with the patronising advice to rewrite all my software.
(And no, I don't use SHA. I didn't spot that in your snippet.)
This is where some people think they are being clever. Because they think to themselves,
"hey, if I keep the salt secret and don't store the salt in the same table, or in the same field, then I've got awesome security by secrecy".
So all they do is hard code a salt that they reuuse for every hash in their application. Which offers them a lot less security overall for their users.
I have zero problem with storing the salt alongside the hashed password, because in practice, it doesn't make anything less secure.