[wp-trac] Re: [WordPress Trac] #9725: Authentication Keys

WordPress Trac wp-trac at lists.automattic.com
Sat May 9 22:24:56 GMT 2009


#9725: Authentication Keys
-------------------------+--------------------------------------------------
 Reporter:  link2caro    |       Owner:  ryan                                                               
     Type:  enhancement  |      Status:  new                                                                
 Priority:  normal       |   Milestone:  2.8                                                                
Component:  Security     |     Version:                                                                     
 Severity:  minor        |    Keywords:  needs-patch developer-feedback auth_key, authentication, secret key
-------------------------+--------------------------------------------------

Comment(by link2caro):

 quoted from "pluggable.php"

 /**
  * Get salt to add to hashes to help prevent attacks.
  *
  * The secret key is located in two places: the database in case the
 secret key
  * isn't defined in the second place, which is in the wp-config.php file.
 If you
  * are going to set the secret key, then you must do so in the wp-
 config.php
  * file.
  *
  * The secret key in the database is randomly generated and will be
 appended to
  * the secret key that is in wp-config.php file in some instances. It is
  * important to have the secret key defined or changed in wp-config.php.
  *
  * If you have installed WordPress 2.5 or later, then you will have the
  * SECRET_KEY defined in the wp-config.php already. You will want to
 change the
  * value in it because hackers will know what it is. If you have upgraded
 to
  * WordPress 2.5 or later version from a version before WordPress 2.5,
 then you
  * should add the constant to your wp-config.php file.
  *
  * Below is an example of how the SECRET_KEY constant is defined with a
 value.
  * You must not copy the below example and paste into your wp-config.php.
 If you
  * need an example, then you can have a
  * {@link https://api.wordpress.org/secret-key/1.1/ secret key created}
 for you.
  *
  * <code>
  * define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w');
  * </code>

 Is this PHPDoc correct for 2.7+, there is no SECRET_KEY since 2.6, is it?

 Ticket -> invalid because if the keys are not changed, the auto-generated
 keys which are stored in DB are used.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9725#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list