Joel Uckelman wrote:
>Thus spake Reini Urban:
>
>
>>Joel Uckelman schrieb:
>>
>>
>>>The comment which describes ENCRYPTED_PASSWD in config/config-dist.ini is
>>>at variance with the actual setting:
>>>
>>>; It is recommended that you use the passencrypt.php utility to encode the
>>>; admin password, in the event that someone gains ftp or ssh access to the
>>>; server and directory containing phpwiki. Once you have pasted the
>>>; encrypted password into ADMIN_PASSWD, uncomment this next line.
>>>ENCRYPTED_PASSWD = true
>>>
>>>1) The last line isn't commented by default, contrary to the comment.
>>>2) It wouldn't matter if it were commented, since ENCRYPTED_PASSWD = true
>>>in config/config-default.ini anyway.
>>>
>>>What's the correct behavior here? Do we want it to work as described in
>>>the comment (in which case the last line should read
>>>
>>> ENCRYPTED_PASSWD = false
>>>
>>>and the comment should say to set it to true) or do we want encrypted
>>>passwords to be on by default, as the setting in config/config-default.ini
>>>would indicate?
>>>
>>>
>>I would say leave encrypted as default and change the wording in
>>config/config-dist.ini.
>>The configurator creates encrypted passwords per default.
>>
>>
>
>Yeah, that's how I was leaning as well. We don't want people using
>plain-text passwords unless they have some good reason for it.
>
>
If that is the case, why have a configurable option for it? Better to
have a single path that is well documented, accepted by all, easy to
use, than multiple paths which need to be explained and understood.
Dan
|
