From: Reini U. <ru...@x-...> - 2005-04-07 06:02:35
Dan Frankowski wrote:
> Joel Uckelman wrote:
>
>> Thus spake Reini Urban:
>>
>>> Joel Uckelman wrote:
>>>
>>>> The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is
>>>> at variance with the actual setting:
>>>>
>>>> ; It is recommended that you use the passencrypt.php utility to encode the
>>>> ; admin password, in the event that someone gains ftp or ssh access to the
>>>> ; server and directory containing phpwiki. Once you have pasted the
>>>> ; encrypted password into ADMIN_PASSWD, uncomment this next line.
>>>> ENCRYPTED_PASSWD = true
>>>>
>>>> 1) The last line isn't commented by default, contrary to the comment.
>>>> 2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true
>>>> in config/config-default.ini anyway.
>>>>
>>>> What's the correct behavior here? Do we want it to work as described
>>>> in the comment (in which case the last line should read
>>>>
>>>> ENCRYPTED_PASSWD = false
>>>>
>>>> and the comment should say to set it to true) or do we want encrypted
>>>> passwords to be on by default, as the setting in config/config-default.ini
>>>> would indicate?
>>>
>>> I would say leave encrypted as default and change the wording in
>>> config/config-dist.ini.
>>> The configurator creates encrypted passwords per default.
>>
>> Yeah, that's how I was leaning as well. We don't want people using
>> plain-text passwords unless they have some good reason for it.
>
> If that is the case, why have a configurable option for it? Better to
> have a single path that is well documented, accepted by all, easy to
> use, than multiple paths which need to be explained and understood.

Legacy. Unencrypted was default until 1.3.11

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org