Opened 6 years ago
Last modified 6 years ago
#44425 new enhancement
Add WP_CACHE_KEY_SALT to WordPress.org secret-key service
Reported by: | paulschreiber | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
Currently, the WordPress.org secret-key service
generates AUTH_KEY
, SECURE_AUTH_KEY
, LOGGED_IN_KEY
, NONCE_KEY
, AUTH_SALT
, SECURE_AUTH_SALT
, LOGGED_IN_SALT
and NONCE_SALT
.
It would be helpful if it also generated WP_CACHE_KEY_SALT
. That way, people who install the object-cache.php drop-in would be less likely to experience unexpected behaviour.
See also:
https://github.com/Automattic/wp-memcached/issues/31
Change History (2)
#2
@
6 years ago
WordPress code does not contain "WP_CACHE_KEY_SALT" anywhere in it. Is this for a plugin or something? Seems like the plugin should generate the salt in this case.
Additionally, the WordPress.org API isn't generally used to generate these anymore, core generates these values itself on installation. The salt API still exists as a fallback, but hopefully the random-compat library is now considered random enough to not rely on external sources of entropy.
Also, if we were to modify the API, then we probably would want to add it to a 1.2 endpoint, not the existing 1.1 one. Just so we're not sending out values that are not actually needed.
So, unless there's a really good reason behind this that I don't know about, I'm guessing this is a wontfix.
I cross-posted this to a new Meta ticket at https://meta.trac.wordpress.org/ticket/3678 for the API changes.
On the Core side, shall we add
WP_CACHE_KEY_SALT
towp-config-sample.php
,wp-admin/setup-config.php
,wp-admin/maint/repair.php
, etc?