[wp-testers] Two questions about wp-config.php

Otto otto at ottodestruct.com
Mon Dec 8 20:20:18 GMT 2008


The problem is that there's no good way to get truly random numbers.
- Reading /dev/urandom works okay on Linux boxes, but not on Windows.
- Windows can have the COM class available to it, which would let you
  call CAPICOM.Utilities.1->GetRandom() from the Windows Cryptography
  COM library. That would give secure bytes. You'd have to check for
  class_exists on COM first.
- PHP 5.3 contains openssl_random_pseudo_bytes, so that could be an
  option as well if that function_exists.

Maybe a generic function designed to return secure random bytes under
a number of platforms is called for? This has to already exist
somewhere, can't we just reuse somebody else's code?


On Mon, Dec 8, 2008 at 11:07 AM, Xavier Borderie <xavier at borderie.net> wrote:
>> Bad idea. It'd be safer to write a really good random number generator
>> function into your installer program. Sending your secret keys over
>> the internet kind of defeats the point, really. The secret-key
>> generator on wp.org is a convenience, not intended to be the end-all
>> be-all of security.
>
> I thought of that, yeah :)
> I imagine the secret-key generator is in PHP, so there would be little
> work putting that into setup-config.
> Still, having to open and edit wp-config should be a thing of the past.
>
>
> --
> Xavier Borderie
>
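
The fallback chain described in the message above could look like this in PHP. This is an added example, not code from this thread or from WordPress; the function name secure_random_bytes_example is hypothetical, and the sources are tried in the order the message lists them.

```php
<?php
// Added example: hypothetical helper, not WordPress code.
// Tries the sources in the order listed in the message and fails closed.
function secure_random_bytes_example($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    // 1. Kernel CSPRNG device (Linux and other Unix-like systems).
    if (@is_readable('/dev/urandom')) {
        $fh = @fopen('/dev/urandom', 'rb');
        if ($fh !== false) {
            $bytes = fread($fh, $length);
            fclose($fh);
            // A short read is rejected and the next source is tried.
            if ($bytes !== false && strlen($bytes) === $length) {
                return $bytes;
            }
        }
    }

    // 2. Windows CryptoAPI through COM, only when the COM class is loaded.
    if (class_exists('COM')) {
        try {
            $util = new COM('CAPICOM.Utilities.1');
            // Encoding type 0 asks for base64 text, decoded here to raw bytes.
            $bytes = base64_decode($util->GetRandom($length, 0));
            if ($bytes !== false && strlen($bytes) === $length) {
                return $bytes;
            }
        } catch (Exception $e) {
            // CAPICOM not registered on this host: try the next source.
        }
    }

    // 3. OpenSSL extension (PHP 5.3+); accept only output flagged as strong.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // No secure source: refuse rather than fall back to rand()/mt_rand().
    throw new RuntimeException('no cryptographically secure random source');
}

echo bin2hex(secure_random_bytes_example(32)), "\n";
```

On PHP 7.0 and later the built-in random_bytes() does this job and a chain like the one above is only needed on older installs.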

