Menu
▾
▴
Re: [Phpwiki-talk] ENCRYPTED_PASSWORD default, bug 1175782
|
From: Reini U. <ru...@x-...> - 2005-04-03 17:22:41
|
Joel Uckelman schrieb: > The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is > at variance with the actual setting: > > ; It is recommended that you use the passencrypt.php utility to encode the > ; admin password, in the event that someone gains ftp or ssh access to the > ; server and directory containing phpwiki. Once you have pasted the > ; encrypted password into ADMIN_PASSWD, uncomment this next line. > ENCRYPTED_PASSWD = true > > 1) The last line isn't commented by default, contrary to the comment. > 2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true > in config/config-default.ini anyway. > > What's the correct behavior here? Do we want it to work as described in > the comment (in which case the last line should read > > ENCRYPTED_PASSWD = false > > and the comment should say to set it to true) or do we want encrypted > passwords to be on by default, as the setting in config/config-default.ini > would indicate? I would say leave encrypted as default and change the wording in config/config-dist.ini. The configurator creates encrypted passwords per default. ; Encrypted passwords are default. It is recommended that you use ; the passencrypt.php or the configurator.php utility to encode ; the admin password, in the event that someone gains ftp or shell ; access to the server and directory containing phpwiki. To use plain ; text passwords, esp. the ADMIN_PASSWD set ENCRYPTED_PASSWD to false. ; ENCRYPTED_PASSWD = true -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban http://phpwiki.org |
