Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 18:03 UTC (Tue) by Max.Hyre (subscriber, #1054)
In reply to: Wordpress Cookie Authentication Vulnerability by Velmont
Parent article: Wordpress Cookie Authentication Vulnerability

> Wouldn't that be safer if every user must define config['salt'] in their config file?

No. Anything the user adds to the authentication process weakens it: witness passwords. If you want to use salt, generate it yourself; otherwise you'd get config['mh'] all over the place. (Where ``mh'' is the user's initials.)


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.