[wp-trac] [WordPress Trac] #12159: Define random keys and salts during setup-config.php
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 11 22:47:38 UTC 2010
#12159: Define random keys and salts during setup-config.php
-------------------------+--------------------------------------------------
Reporter: nacin | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
Changes (by westi):
* keywords: has-patch commit =>
Comment:
Replying to [comment:8 dd32]:
> > [13026]
>
> With the addition of the extra constants to the sample wp-config.php, It
should be checked to see if the functions which use those fall back on a
psuedorandom salt in the case that they are already defined.. Dont want
half of any custom manual installs using the same salt..
Reviewed with the following results:
* SECRET_KEY, AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY do
check
* AUTH_SALT, SECRET_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT
don't check.
Patch incoming.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12159#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list