View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009191 | mantisbt | scripting | public | 2008-05-21 18:49 | 2011-08-05 02:25 |
Reporter | giallu | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | duplicate | ||
Product Version | 1.1.1 | ||||
Summary | 0009191: obsolete and remove $g_password_confirm_hash_magic_string | ||||
Description | This variable is used in few places as a "salt" string, but my guess is many installations it is left at default value, defeating its purpose. From a quick check, it seems we can get rid of it completely. Otherwise, we need to fin a better way to create it, possibly as a real random string at installation time. | ||||
Tags | No tags attached. | ||||
I agree that this string should be a random string that is generated at install time. I'm not sure what features will break if this string breaks. From memory this is only used for authenticated RSS. |
|
Already obsoleted by 0010730. |
|