Opened 17 years ago
Closed 16 years ago
#9725 closed enhancement (duplicate)
Authentication Keys
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | minor | Version: | |
| Component: | Security | Keywords: | |
| Focuses: | Cc: |
Description
Should we implement the keys generator into setup-config.php?
Change History (6)
#4
@
17 years ago
quoted from "pluggable.php"
/
- Get salt to add to hashes to help prevent attacks. *
- The secret key is located in two places: the database in case the secret key
- isn't defined in the second place, which is in the wp-config.php file. If you
- are going to set the secret key, then you must do so in the wp-config.php
- file. *
- The secret key in the database is randomly generated and will be appended to
- the secret key that is in wp-config.php file in some instances. It is
- important to have the secret key defined or changed in wp-config.php. *
- If you have installed WordPress 2.5 or later, then you will have the
- SECRET_KEY defined in the wp-config.php already. You will want to change the
- value in it because hackers will know what it is. If you have upgraded to
- WordPress 2.5 or later version from a version before WordPress 2.5, then you
- should add the constant to your wp-config.php file. *
- Below is an example of how the SECRET_KEY constant is defined with a value.
- You must not copy the below example and paste into your wp-config.php. If you
- need an example, then you can have a
- {@link https://api.wordpress.org/secret-key/1.1/ secret key created} for you. *
- <code>
- define('SECRET_KEY', 'mAry1HadA15|\/|b17w55w1t3asSn09w');
- </code>
Is this PHPDoc correct for 2.7+, there is no SECRET_KEY since 2.6, is it?
Ticket -> invalid because if the keys are not changed, the auto-generated keys which are stored in DB are used.
Note: See
TracTickets for help on using
tickets.
can you provide the current code of the webservice so that this can be better judged?