[wp-trac] [WordPress Trac] #12159: Define random keys and salts during setup-config.php

WordPress Trac wp-trac at lists.automattic.com
Thu Feb 11 22:47:38 UTC 2010


#12159: Define random keys and salts during setup-config.php
-------------------------+--------------------------------------------------
 Reporter:  nacin        |       Owner:  ryan
     Type:  enhancement  |      Status:  new 
 Priority:  normal       |   Milestone:  3.0 
Component:  Security     |     Version:      
 Severity:  normal       |    Keywords:      
-------------------------+--------------------------------------------------
Changes (by westi):

  * keywords:  has-patch commit =>


Comment:

 Replying to [comment:8 dd32]:
 > > [13026]
 >
 > With the addition of the extra constants to the sample wp-config.php, It
 should be checked to see if the functions which use those fall back on a
 psuedorandom salt in the case that they are already defined.. Dont want
 half of any custom manual installs using the same salt..

 Reviewed with the following results:
  * SECRET_KEY, AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY do
 check
  * AUTH_SALT, SECRET_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT
 don't check.

 Patch incoming.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12159#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list