Manual:$wgSecretKey

From MediaWiki.org
Jump to: navigation, search
This page is a translated version of the page Manual:$wgSecretKey and the translation is 29% complete.

Other languages:
English • ‎日本語 • ‎polski
Proxies: $wgSecretKey
This should always be customized to a secret, unique string in LocalSettings.phpManual:LocalSettings.php.
導入されたバージョン: 1.4.0
除去されたバージョン: 使用中
可能な値: 文字列
既定値: false
他の設定: アルファベット順 | 機能順

詳細[edit]

This should always be customized to a secret, unique string in LocalSettings.phpManual:LocalSettings.php. Installer.phpManual:Installer.php sets it to a 64-character random string generated by MWCryptRand::generateHex( $length, true );

When no better sources of entropy are available to MediaWiki, this value is used as a source of cryptographic entropy when generating user_tokenManual:user table#user_tokens to insert into the userManual:user table table which is used as a persistent cookie for authentication (when a user checks "Remember my login on this browser") that is resilient to spoofing. On modern PHP versions with access to /dev/urandom, mcrypt random, or openssl random, these functions are used in lieu of this variable for the purpose of token generation. However this variable is still used for other purposes, so it is still very important it be set to a unique random value even on modern PHP.

警告 警告: If the value of the variable leaks out you should generate a new secret key.

$wgProxyKey[edit]

From 1.3 to 1.4, $wgProxyKey was the documented setting for this. In 1.4, this was marked as deprecated in favor of $wgSecretKey. In 1.24, $wgProxyKey was removed (yes, it really did take almost 10 years to remove).

関連項目[edit]