[pmwiki-users] A robust user registration module

Wordit Ltd wordituk at googlemail.com
Mon May 24 18:22:43 CDT 2010

On Mon, May 24, 2010 at 11:17 PM, V.Krishn <vkrishn at insteps.net> wrote:
> I am guessing $secret is set by admin in some php file.

config.php would be a good place.

> Then secret would become permanent till those users exists,
> and admin would not be able to change the secret when compromised.

You can change a line in config.php whenever you like.

> But then this would not be an issue as $password /s cannot easily be known.

If config.php is compromised then it's probably game over anyway.
That's not really an issue in this context, just standard security for
pmwiki and your web server.


More information about the pmwiki-users mailing list