[wp-trac] [WordPress Trac] #12159: Define random keys and salts during setup-config.php

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 13 21:33:46 UTC 2010


#12159: Define random keys and salts during setup-config.php
-------------------------+--------------------------------------------------
 Reporter:  nacin        |       Owner:  ryan
     Type:  enhancement  |      Status:  new 
 Priority:  normal       |   Milestone:  3.0 
Component:  Security     |     Version:      
 Severity:  normal       |    Keywords:      
-------------------------+--------------------------------------------------

Comment(by nacin):

 I've uploaded a new patch, [attachment:12159.3.diff], that falls back to
 wp_generate_password() when the https request fails. (https is more likely
 to fail given that there might not be a transport available.)

 It introduces a new constant, WP_SETUP_CONFIG, that way
 wp_generate_password() doesn't try to fetch transients that clearly do not
 exist. I find that cleaner than checking for function_exists().

 I'm also considering additional special characters to
 wp_generate_password() (something sivel proposed in #8647) and also a way
 (via a URL variable, I imagine) to bypass the https check and go right to
 wp_generate_password(), to alleviate concerns in #8647.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12159#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list