[wp-testers] Question about SECRET_KEY et al.

Kirk M kmb42vt at gmail.com
Tue Nov 11 14:41:20 GMT 2008


Okay, let's see if I remember this correctly...

The secret key was added to the "wp-config.php" file in the 2.6 series 
and was one key only. You could have the key generated for you via the 
secret key URL you referred to. Then, with 2.6.1(?), the single secret 
key was replaced with 3 separate keys as you listed below. With 2.7, the 
layout of the "wp-config.php" file was changed but the key info is 
basically the same. In short, there's 3 secret keys now instead of just 
one, they're just not called secret keys any longer but individually 
defined. The API was updated to change the way the keys were generated 
but I don't recall exactly why (something to do with the ending 
symbols I believe).

If I'm too far off base here, please feel free to correct this info...I 
haven't had my second cup of coffee yet.

On 11/11/2008 7:20 AM, Xavier Borderie wrote:
> (cross-posted to wp-testers and wp-docs)
>
> The Codex tells updaters to add the SECRET_KEY line to their wp-config.php file.
> http://codex.wordpress.org/Upgrading_WordPress_Extended#Step_13:_Add_the_SECRET_KEY_definition_to_wp-config.php
> Users could be helped with wp.org itself:
> http://api.wordpress.org/secret-key/1.0/
>
> With 2.7, this has changed:
> SECRET_KEY seems to be no more, and has been replaced in
> wp-config-sample.php with three lines:
> define('AUTH_KEY', 'put your unique phrase here');
> define('SECURE_AUTH_KEY', 'put your unique phrase here');
> define('LOGGED_IN_KEY', 'put your unique phrase here');
> The wp.org API has been updated to reflect that:
> http://api.wordpress.org/secret-key/1.1/ now handles these 3 lines, and
> not SECRET_KEY.
>
> So, I might be behind about this, but could someone confirm that
> SECRET_KEY is no longer required for salting?
> Is it deprecated, or are the 3 other lines just specialized salting,
> with WP relying on SECRET_KEY if they do not exist?
> Are the 3 new lines required for salting?
> Could someone point me to the rationale behind this change? (trac
> ticket, maybe?)
>
> Finally, while it's safer to salt passwords, should it be made a
> requirement? Or can users simply live with un-salted passwords?
>
> Thanks a lot for any information.
>