Joel Uckelman schrieb:
> The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is
> at variance with the actual setting:
>
> ; It is recommended that you use the passencrypt.php utility to encode the
> ; admin password, in the event that someone gains ftp or ssh access to the
> ; server and directory containing phpwiki. Once you have pasted the
> ; encrypted password into ADMIN_PASSWD, uncomment this next line.
> ENCRYPTED_PASSWD = true
>
> 1) The last line isn't commented by default, contrary to the comment.
> 2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true
> in config/config-default.ini anyway.
>
> What's the correct behavior here? Do we want it to work as described in
> the comment (in which case the last line should read
>
> ENCRYPTED_PASSWD = false
>
> and the comment should say to set it to true) or do we want encrypted
> passwords to be on by default, as the setting in config/config-default.ini
> would indicate?
I would say leave encrypted as default and change the wording in
config/config-dist.ini.
The configurator creates encrypted passwords per default.
; Encrypted passwords are default. It is recommended that you use
; the passencrypt.php or the configurator.php utility to encode
; the admin password, in the event that someone gains ftp or shell
; access to the server and directory containing phpwiki. To use plain
; text passwords, esp. the ADMIN_PASSWD set ENCRYPTED_PASSWD to false.
; ENCRYPTED_PASSWD = true
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org
|
