Skip to content

Crypt improvements #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
clobee wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Crypt improvements #1

clobee wants to merge 3 commits into from

Conversation

@clobee
Copy link
Collaborator

@clobee clobee commented Sep 11, 2024

Main change concerns the use of "SECURE_AUTH_SALT"

@clobee clobee requested a review from jojobote September 11, 2024 12:02
@clobee clobee closed this Sep 12, 2024
jojobote
jojobote reviewed Sep 12, 2024
View reviewed changes
Copy link
Collaborator

@jojobote jojobote left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we want to check env variables for the just the salt and not vector too ? Good otherwise !

@clobee clobee reopened this Sep 13, 2024
@clobee
Copy link
Collaborator Author

clobee commented Sep 13, 2024

@jojobote I am now getting the Init Vector from the wp-config as well just like the the passphrase.
This makes it like a 2 factor authentication: Any attacker will need the wp-config.php and the database to a successful attack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jojobote jojobote jojobote left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@clobee @jojobote