[wp-trac] Re: [WordPress Trac] #6754: Improve default wp_salt()
WordPress Trac
wp-trac at lists.automattic.com
Wed Apr 16 19:42:59 GMT 2008
#6754: Improve default wp_salt()
-----------------------------------------+----------------------------------
Reporter: filosofo | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: General | Version:
Severity: normal | Resolution:
Keywords: SECRET_KEY wp_salt security |
-----------------------------------------+----------------------------------
Comment (by ryan):
I'd rather not introduce DB_PASSWORD into cookie key creation in any way.
Best to avoid any possibility of DB_PASSWORD being brute forced. Can we
make do with just mtime and use it in the recipe only if SECRET_KEY
is not defined? An admin might not want to expire cookies for everyone
whenever wp-config.php is changed. I certainly wouldn't want that on
wordpress.com.
--
Ticket URL: <http://trac.wordpress.org/ticket/6754#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software