On Mon, May 24, 2010 at 11:17 PM, V.Krishn <[email protected]> wrote: > > I am guessing $secret is set by admin in some php file.
config.php would be a good place. > Then secret would become permanent till those users exists, > and admin would not be able to change the secret when compromised. You can change a line in config.php whenever you like. > But then this would not be an issue as $password /s cannot easily be known. If config.php is compromised then it's probably game over anyway. That's not really an issue in this context, just standard security for pmwiki and your web server. Marcus _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
