From: Dan F. <dfr...@cs...> - 2005-04-06 16:17:55
Joel Uckelman wrote:

>Thus spake Reini Urban:
>
>>Joel Uckelman wrote:
>>
>>>The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is
>>>at variance with the actual setting:
>>>
>>>; It is recommended that you use the passencrypt.php utility to encode the
>>>; admin password, in the event that someone gains ftp or ssh access to the
>>>; server and directory containing phpwiki. Once you have pasted the
>>>; encrypted password into ADMIN_PASSWD, uncomment this next line.
>>>ENCRYPTED_PASSWD = true
>>>
>>>1) The last line isn't commented by default, contrary to the comment.
>>>2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true
>>>in config/config-default.ini anyway.
>>>
>>>What's the correct behavior here? Do we want it to work as described in
>>>the comment (in which case the last line should read
>>>
>>> ENCRYPTED_PASSWD = false
>>>
>>>and the comment should say to set it to true) or do we want encrypted
>>>passwords to be on by default, as the setting in config/config-default.ini
>>>would indicate?
>>>
>>I would say leave encrypted as default and change the wording in
>>config/config-dist.ini.
>>The configurator creates encrypted passwords per default.
>>
>
>Yeah, that's how I was leaning as well. We don't want people using
>plain-text passwords unless they have some good reason for it.
>

If that is the case, why have a configurable option for it? Better to have a single path that is well documented, accepted by all, easy to use, than multiple paths which need to be explained and understood.

Dan