Hi Andrea,
> However, at the moment, we don't use that key as it should be.
> I think the best thing to do is to upgrade the setup-mysql script to
> make it create a valid secret_key field.
phpMyAdmin has a field called blowfish_secret which I think is quite similar
in function. We generate it a
Hello.
First of all thank you for reporting.
The secret_key in wp-config.php is a security key never used by the user.
I think the user doesn't even need to know it.
However, at the moment, we don't use that key as it should be.
I think the best thing to do is to upgrade the setup-mysql script t
Package: wordpress
Version: 2.5.1-1
Severity: important
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Today I read some bits about one of the recently closed vulnerabilities
closed in 2.5.1. The document told about a new variable SECRET_KEY, that
should be set in wp-config.php. Of course, users h
3 matches
Mail list logo
