[wp-trac] [WordPress Trac] #12159: Define random keys and salts during setup-config.php
WordPress Trac
wp-trac at lists.automattic.com
Sat Feb 13 21:33:46 UTC 2010
#12159: Define random keys and salts during setup-config.php
-------------------------+--------------------------------------------------
Reporter: nacin | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version:
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
Comment(by nacin):
I've uploaded a new patch, [attachment:12159.3.diff], that falls back to
wp_generate_password() when the https request fails. (https is more likely
to fail given that there might not be a transport available.)
It introduces a new constant, WP_SETUP_CONFIG, that way
wp_generate_password() doesn't try to fetch transients that clearly do not
exist. I find that cleaner than checking for function_exists().
I'm also considering additional special characters to
wp_generate_password() (something sivel proposed in #8647) and also a way
(via a URL variable, I imagine) to bypass the https check and go right to
wp_generate_password(), to alleviate concerns in #8647.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12159#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list