Manual:$wgSecretKey

From MediaWiki.org
(Redirected from Manual:$wgProxyKey)
Jump to: navigation, search
Proxies: $wgSecretKey
This should always be customized in LocalSettings.php
Introduced in version: 1.4.0
Removed in version: still in use
Allowed values:
Default value: false

Other settings: Alphabetical | By Function


[edit] Details

This should always be customized in LocalSettings.php

This value is used as cryptographic entropy when generating user_token's to insert into the users table which is used as a persistent cookie for authentication that is resilient to spoofing.

Warning Warning: If the value of the variable leaks out you must generate a new secret key and generate brand new user_token values for the user table. Otherwise the entropy of previously generated tokens will be significantly reduced and would only take a matter of time for a semi-determined cracker to compromise user accounts on your wiki.

[edit] $wgProxyKey

From 1.3 to 1.4, $wgProxyKey was the documented setting for this. In 1.4, this was marked as deprecated in favor of $wgSecretKey.

Retrieved from "http://www.mediawiki.org/w/index.php?title=Manual:$wgSecretKey&oldid=495203#.24wgProxyKey"
Personal tools
Namespaces
Variants
Actions
Site
Support
Download
Development
Communication
Print/export
Toolbox