From: Joel U. <uck...@no...> - 2005-04-04 02:34:40

Thus spake Reini Urban:
> Joel Uckelman wrote:
> > The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is
> > at variance with the actual setting:
> >
> > ; It is recommended that you use the passencrypt.php utility to encode the
> > ; admin password, in the event that someone gains ftp or ssh access to the
> > ; server and directory containing phpwiki. Once you have pasted the
> > ; encrypted password into ADMIN_PASSWD, uncomment this next line.
> > ENCRYPTED_PASSWD = true
> >
> > 1) The last line isn't commented by default, contrary to the comment.
> > 2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true
> > in config/config-default.ini anyway.
> >
> > What's the correct behavior here? Do we want it to work as described in
> > the comment (in which case the last line should read
> >
> > ENCRYPTED_PASSWD = false
> >
> > and the comment should say to set it to true) or do we want encrypted
> > passwords to be on by default, as the setting in config/config-default.ini
> > would indicate?
>
> I would say leave encrypted as default and change the wording in
> config/config-dist.ini.
> The configurator creates encrypted passwords per default.

Yeah, that's how I was leaning as well. We don't want people using
plain-text passwords unless they have some good reason for it.

--
J.