[wp-trac] Re: [WordPress Trac] #8647: Try to configure secure keys
in wp-config.php on install
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 18 15:07:58 GMT 2008
#8647: Try to configure secure keys in wp-config.php on install
-------------------------+--------------------------------------------------
Reporter: sivel | Owner: has-patch
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8
Component: General | Version: 2.7
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by sivel):
Replying to [comment:1 jacobsantos]:
> Why not attempt to create the key yourself if the response fails.
Isn't that what I said and what the patch does? If the response fails the
user is informed to create the keys themselves.
> Some will '''NOT''' want to have the keys over HTTP connection. HTTPS
might be only a tiny bit better.
The patch is configured to use the HTTPS url and not the HTTP url. Since
wp-config.php lists the url to the secret-keys api as the recommended way
to generate these secret keys how is it any less secure than the user
requesting that page and then pasting it into their file? Most users use
FTP anyway so they would have just requested the api using https in their
browser and then used plain text ftp to upload their secret keys, which is
less secure than the install handling it.
--
Ticket URL: <http://trac.wordpress.org/ticket/8647#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list