Opened 4 years ago

Closed 16 months ago

#15088 closed feature request (wontfix)

Reduce Remote Dependency of the Network Admin

Reported by: hakre Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Network Admin Keywords: needs-patch dev-feedback
Focuses: multisite Cc:

Description

The Network Admin Setup makes use of 'https://api.wordpress.org/secret-key/1.1/salt/', a kind of webservice/webapi to generate keys.

I assume that the code there is some little PHP that could easily ship with the codebase itself.

So it would be nice to have such routines in core. Maybe wordpress.org can just donate their code?

Change History (18)

comment:1 follow-up: nacin 4 years ago

We already have wp_generate_password(). The one on wordpress.org uses /dev/urandom/ which cannot be guaranteed to exist. If we can reach the API, it would be better to use it.

comment:2 hakre 4 years ago

Please share the code for review.

comment:3 hakre 4 years ago

udev/random Related: #12148 / class-phpass.php

comment:4 hakre 3 years ago

It would be nice if one of those who have access to the source-code of the webservice can actually make visible what creates the output from that URL.

comment:5 westi 3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

The API is the most reliable way to do this.

Building it into core isn't a good solution

comment:6 hakre 3 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

A remote API is not reliable at all if it's not available (e.g. blocked network connections).

I guess there is some standard PHP code running on wordpress.org, would be nice if you can just provide it here as well so we can take a look.

Related: #12159

comment:7 westi 3 years ago

  • Resolution set to invalid
  • Status changed from reopened to closed

comment:8 hakre 3 years ago

  • Keywords needs-patch added
  • Resolution invalid deleted
  • Status changed from closed to reopened
  • Type changed from enhancement to feature request

Westi, then I place this as a feature request. I'd like to have the same functionality in core that is offered by the remote API.

If you could provide the source-code of that part of the remote API that would make it easier to create a patch. Thanks.

Last edited 3 years ago by hakre

comment:9 in reply to: ↑ 1 hakre 3 years ago

Replying to nacin:

> We already have wp_generate_password(). The one on wordpress.org uses /dev/urandom/ which cannot be guaranteed to exist. If we can reach the API, it would be better to use it.

So does this technically mean, that if /dev/urandom is available on the local system, the remote request would not be necessary at all?

comment:10 hakre 3 years ago

  • Keywords dev-feedback added

comment:11 follow-up: dd32 3 years ago

> that if /dev/urandom is available on the local system, the remote request would not be necessary at all?

It's not as simple as that.

Yes, if a true random source is available locally, then a remote request would not be required.

However, a significant proportion of WordPress installations are in environments where WordPress is unable to either a) determine if they have a random source available and accessible or b) rely upon said random source.

Many installations will block access to files outside of certain directories, and is_readable() is not always reliable (causing either a Warning/Notice to be issued at the time of checking, or upon actually accessing the file after is_readable has given the all clear).

It comes down to reliability and ensuring that all users get the best possible security available to them.

In the standard wp-config.php generator, we offer the ?no-api call to bypass remote API calls; I'm not sure if something similar is offered for the Network Creator.
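
The local-source problem discussed in comment 11, as an added example that is not part of the ticket: it is neither WordPress core code nor the api.wordpress.org code, which the thread never shows. Instead of trusting is_readable(), it attempts the read and validates what came back, returning null so a caller can fall back. The names local_random_bytes(), local_salt() and SALT_CHARS and the character set are assumptions, and it needs PHP 7.1 or later, which postdates this ticket.

```php
<?php
// Added example; hypothetical names, not WordPress core or api.wordpress.org code.
// The assumed character set avoids ' and \ so a salt is safe inside define('...', '...').
const SALT_CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
                 . '!@#$%^&*()-_ []{}<>~`+=,.;:/?|';

/** Return $n bytes from a local CSPRNG, or null if none can be used. */
function local_random_bytes(int $n): ?string
{
    try {
        return random_bytes($n);      // throws if no secure source is available
    } catch (Exception $e) {
        // fall through to the explicit device read
    }
    // No is_readable() pre-check: attempt the open and validate the result.
    // "@" suppresses the warning that open_basedir or permissions would raise.
    $fh = @fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        return null;
    }
    stream_set_read_buffer($fh, 0);   // do not buffer more than is requested
    $buf = @fread($fh, $n);
    fclose($fh);
    return (is_string($buf) && strlen($buf) === $n) ? $buf : null;
}

/** Build one salt of $length characters, or null so the caller can fall back. */
function local_salt(int $length = 64): ?string
{
    $max   = strlen(SALT_CHARS);
    $limit = 256 - (256 % $max);      // rejection threshold removes modulo bias
    $salt  = '';
    while (strlen($salt) < $length) {
        $bytes = local_random_bytes($length);
        if ($bytes === null) {
            return null;              // no usable local source on this host
        }
        foreach (str_split($bytes) as $b) {
            $v = ord($b);
            if ($v < $limit && strlen($salt) < $length) {
                $salt .= SALT_CHARS[$v % $max];
            }
        }
    }
    return $salt;
}
```

A null return is the signal to use whichever fallback the thread argues over: the remote API or wp_generate_password( 64, true, true ).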

comment:12 in reply to: ↑ 11 ; follow-up: hakre 3 years ago

Replying to dd32:

> > that if /dev/urandom is available on the local system, the remote request would not be necessary at all?

> It's not as simple as that.

> Yes, if a true random source is available locally, then a remote request would not be required.

Thanks for clarification.

> However, a significant proportion of WordPress installations are in environments where WordPress is unable to either a) determine if they have a random source available and accessible or b) rely upon said random source.

Can you share more information about how significant that proportion of WordPress installations actually is?

I can imagine the problems you're talking about; that's no different from requesting some remote API, it just might fail as well.

> In the standard wp-config.php generator, we offer the ?no-api call to bypass remote API calls; I'm not sure if something similar is offered for the Network Creator.

Yes, ?no-api was introduced in [13232]; it has not been explicitly discussed in the related #12159.

I wonder if it's possible to get the code that works on the remote site to generate the salts and offer it with core. If the better random source is not available, current options do still work but if it truly is, then this is what I'm looking for.

comment:13 in reply to: ↑ 12 ; follow-up: azaozz 3 years ago

  • Resolution set to wontfix
  • Status changed from reopened to closed

Replying to hakre:

> ...
> I wonder if it's possible to get the code that works on the remote site to generate the salts and offer it with core...

There are 2-3 methods to generate a random string in PHP. Core already has this implemented:

wp_generate_password( 64, true, true );

I don't see why we would need another implementation.

comment:14 in reply to: ↑ 13 ; follow-up: hakre 3 years ago

  • Resolution wontfix deleted
  • Status changed from closed to reopened

Replying to azaozz:

> Replying to hakre:

> > ...
> > I wonder if it's possible to get the code that works on the remote site to generate the salts and offer it with core...

> There are 2-3 methods to generate a random string in PHP. Core already has this implemented:

> wp_generate_password( 64, true, true );

> I don't see why we would need another implementation.

I've been looking into that function and I think we can do better for salts if /dev/urandom is available.

Keep in mind that the generation is only part of the scope of the feature request. Furthermost part is to reduce the dependency from remote while keeping up the same level of quality of the salts if possible.

If you can however provide more and better code, I would appreciate that.

Last edited 3 years ago by hakre

comment:15 in reply to: ↑ 14 ; follow-up: azaozz 3 years ago

Replying to hakre:

> ...
> I've been looking into that function and I think we can do better for salts if /dev/urandom is available.

If you want to improve wp_generate_password(), by all means, please do so in a new ticket. However keep in mind the above comment by @dd32. As the API uses functions that are external to PHP and are not available on the majority of servers (or are unreliable), it is impossible to implement the same code in core.

> Keep in mind that the generation is only part of the scope of the feature request. Furthermost part is to reduce the dependency from remote while keeping up the same level of quality of the salts if possible.

I don't see a problem in using wp_generate_password() when the API is not available, even if the randomness of the strings is of a lesser quality. It would be better to have secret keys and salts in wp-config in any case.

> If you can however provide more and better code, I would appreciate that.

No, not at this time. May be able to come back to it in a few weeks.

If you insist on keeping this ticket open please change the title/description to reflect that it suggests using wp_generate_password() to fill the secret keys and salts in wp-config during installation if the API is not available. And of course a patch would be nice :-)

Last edited 3 years ago by azaozz

comment:16 in reply to: ↑ 15 hakre 3 years ago

Replying to azaozz:

> Replying to hakre:

> > ...
> > I've been looking into that function and I think we can do better for salts if /dev/urandom is available.

> If you want to improve wp_generate_password(), by all means, please do so in a new ticket.

Yes, that would be out of scope of this ticket for me.

> However keep in mind the above comment by @dd32. As the API uses functions that are external to PHP and are not available on the majority of servers (or are unreliable), it is impossible to implement the same code in core.

Figures of quantities of the significance to the status of availability have not been provided in that comment, so it's actually hard to say at all for sure.

> > Keep in mind that the generation is only part of the scope of the feature request. Furthermost part is to reduce the dependency from remote while keeping up the same level of quality of the salts if possible.

> > If you can however provide more and better code, I would appreciate that.

> No, not at this time. May be able to come back to it in a few weeks.

Thanks.

> If you insist on keeping this ticket open please change the title/description to reflect that it suggests using wp_generate_password() to fill the secret keys and salts in wp-config during installation if the API is not available. And of course a patch would be nice :-)

You must have misread this feature request. It's about not using the remote API at all if the same functionality is already truly available on the server.

Some additional improvement of the wp_generate_password() function might be generally considerable and welcome by me, but it is obviously out of the scope of this ticket for me.

comment:17 ocean90 3 years ago

  • Milestone set to Awaiting Review

comment:18 nacin 16 months ago

  • Component changed from General to Network Admin
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from reopened to closed