[wp-trac] [WordPress Trac] #15088: Reduce Remote Dependency of the Network Admin
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 18 17:49:02 UTC 2011
#15088: Reduce Remote Dependency of the Network Admin
--------------------------------------+-----------------------
Reporter: hakre | Owner:
Type: feature request | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch dev-feedback |
--------------------------------------+-----------------------
Comment (by azaozz):
Replying to [comment:14 hakre]:
> ...
> I've been looking into that function and I think we can do better for
salts if /dev/urandom is available.
If you want to improve `wp_generate_password()`, by all means, please do
so in a new ticket. However keep in mind the above comment by @dd32. As
the API uses functions that are external to PHP and are not available on
the majority of servers (or are unreliable), it is impossible to implement
the same code in core.
> Keep in mind that the generation is only part of the scope of the
feature request. Furthermnost part is to reduce the dependency from remote
while keeping up the same level of quality of the salts if possible.
I don't see a problem in using `wp_generate_password()` when the API is
not available, even if the randomness of the strings is of a lesser
quality. It would be better to have secret keys and salts in wp-config in
any case.
> If you can however provide more and better code, I would appreceate
that.
No, not at this time. May be able to come back to it in a few weeks.
If you insist to keep this ticket open please change the title/description
to reflect that it suggests using `wp_generate_password()` to fill the
secret keys and salts in wp-config during installation. And of course a
patch would be nice :-)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15088#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list