[wp-testers] Two questions about wp-config.php

Otto otto at ottodestruct.com
Mon Dec 8 16:51:12 GMT 2008


On Mon, Dec 8, 2008 at 5:51 AM, Xavier Borderie <xavier at borderie.net> wrote:
> 1) Couldn't http://api.wordpress.org/secret-key/x.x/ be used to
> automatically fill in the unique phrases, instead of letting the user
> open the file, copy/paste, and start the install?
> (maybe it's already the case...)
> WP has a superb installer that takes care of most things with a web
> interface, and these salting values are the only things that still
> require manually changing wp-config.php. It's an API, it should be
> machine-to-machine, not machine-to-human-to-copy-paste-in-file :)

Bad idea. It'd be safer to write a really good random number generator
function into your installer program. Sending your secret keys over
the internet kind of defeats the point, really. The secret-key
generator on wp.org is a convenience, not intended to be the end-all
be-all of security.

Of course, this depends on how paranoid you truly are. ;-)

-Otto
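
Generating the keys locally, as the reply above suggests, could look like this in a PHP installer. This is an added example, not part of the original message and not WordPress's own installer code; the function names, the character set and the sample config are assumptions, and the four constant names are the ones used in WordPress's wp-config-sample.php.

```php
<?php
// Added example: fill the wp-config.php secret keys locally (PHP 7+).
// Constant names as in WordPress's wp-config-sample.php; everything else is hypothetical.
const KEY_NAMES = ['AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY'];

// No single quote or backslash, so a key drops into '...' without escaping.
const CHARSET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
              . '!@#$%^&*()-_=+[]{}|;:,.<>/?~ ';

function generate_key(int $length = 64): string
{
    $max = strlen(CHARSET) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws uniformly from the OS CSPRNG and throws an
        // exception if no secure source exists, instead of degrading silently.
        $key .= CHARSET[random_int(0, $max)];
    }
    return $key;
}

function fill_keys(string $config): string
{
    foreach (KEY_NAMES as $name) {
        $pattern = "/define\(\s*'" . $name . "'\s*,\s*'[^']*'\s*\);/";
        $line = "define('" . $name . "', '" . generate_key() . "');";
        // A callback keeps '$' in the key from being read as a backreference.
        $config = preg_replace_callback($pattern, function () use ($line) {
            return $line;
        }, $config, 1, $count);
        if ($count !== 1) {
            // Never leave a placeholder phrase in place unnoticed.
            throw new RuntimeException("No define() found for $name");
        }
    }
    return $config;
}

// Constructed sample standing in for an untouched wp-config.php.
$sample = <<<'CONFIG'
define('DB_NAME', 'wordpress');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
CONFIG;

echo fill_keys($sample), "\n";
```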

