[pmwiki-users] A robust user registration module
    Wordit Ltd 
    wordituk at googlemail.com
       
    Mon May 24 18:22:43 CDT 2010
    
    
  
On Mon, May 24, 2010 at 11:17 PM, V.Krishn <vkrishn at insteps.net> wrote:
>
> I am guessing $secret is set by admin in some php file.
config.php would be a good place.
> Then secret would become permanent till those users exists,
> and admin would not be able to change the secret when compromised.
You can change a line in config.php whenever you like.
> But then this would not be an issue as $password /s cannot easily be known.
If config.php is compromised then it's probably game over anyway.
That's not really an issue in this context, just standard security for
pmwiki and your web server.
Marcus
    
    
More information about the pmwiki-users
mailing list