[wp-trac] [WordPress Trac] #15088: Reduce Remote Dependency of the Network Admin

WordPress Trac wp-trac at lists.automattic.com
Fri Mar 18 19:17:10 UTC 2011 

#15088: Reduce Remote Dependency of the Network Admin
--------------------------------------+-----------------------
 Reporter:  hakre                     |       Owner:
     Type:  feature request           |      Status:  reopened
 Priority:  normal                    |   Milestone:
Component:  General                   |     Version:  3.0
 Severity:  normal                    |  Resolution:
 Keywords:  needs-patch dev-feedback  |
--------------------------------------+-----------------------

Comment (by hakre):

 Replying to [comment:15 azaozz]:
 > Replying to [comment:14 hakre]:
 > > ...
 > > I've been looking into that function and I think we can do better for
 salts if /dev/urandom is available.
 >
 > If you want to improve `wp_generate_password()`, by all means, please do
 so in a new ticket.

 Yes, that would be out of scope of this ticket for me.

 > However keep in mind the above comment by @dd32. As the API uses
 functions that are external to PHP and are not available on the majority
 of servers (or are unreliable), it is impossible to implement the same
 code in core.

 Figures of quantities of the significance to the status of availability
 have not been provided in that comment, so it's actually hard to say at
 all for sure.

 > > Keep in mind that the generation is only part of the scope of the
 feature request. Furthermnost part is to reduce the dependency from remote
 while keeping up the same level of quality of the salts if possible.
 >

 > > If you can however provide more and better code, I would appreceate
 that.
 >
 > No, not at this time. May be able to come back to it in a few weeks.

 Thanks.

 > If you insist to keep this ticket open please change the
 title/description to reflect that it suggests using
 `wp_generate_password()` to fill the secret keys and salts in wp-config
 during installation if the API is not available. And of course a patch
 would be nice :-)

 You must have misread this feature request. It's about not using the
 remote API at all if the same functionality is already truly available on
 the server.

 Some additional improvement of the wp_generate_password() function might
 be generally considerable and welcome by me, but it is obviously out of
 the scope of this ticket for me.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15088#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list