Jump to content

Handbuch:$wgSecretKey

From mediawiki.org
This page is a translated version of the page Manual:$wgSecretKey and the translation is 50% complete.
Sicherheit: $wgSecretKey
Dies sollte immer zu eine geheime, einzigartige Zeichenkette in LocalSettings.php angepasst werden.
Eingeführt in Version:1.4.0
Entfernt in Version:Weiterhin vorhanden
Erlaubte Werte:(Zeichenkette)
Standardwert:false

Details

Dies sollte immer zu eine geheime, einzigartige Zeichenkette in LocalSettings.php angepasst werden. Installer.php setzt es zu einer Zeichenkette mit 64 Zeichen, die von MWCryptRand::generateHex( 64 ); generiert wird

When no better sources of entropy are available to MediaWiki, this value is used as a source of cryptographic entropy when generating user_token (s) to insert into the user table which is used as a persistent cookie for authentication (when a user checks "Remember my login on this browser") that is resilient to spoofing. On modern PHP versions with access to /dev/urandom, mcrypt random, or openssl random, these functions are used in lieu of this variable for the purpose of token generation. However this variable is still used for other purposes, so it is still very important it be set to a unique random value even on modern PHP.

Warnung Warnung: If the value of the variable leaks out you should generate a new secret key.

$wgProxyKey

From 1.3 to 1.4, $wgProxyKey was the documented setting for this. In 1.4, this was marked as deprecated in favor of $wgSecretKey. In 1.24, $wgProxyKey was removed (yes, it really did take almost 10 years to remove).

Siehe auch