On Mon, Dec 8, 2008 at 5:51 AM, Xavier Borderie <[EMAIL PROTECTED]> wrote: > 1) Couldn't http://api.wordpress.org/secret-key/x.x/ be used to > automatically fill-in the unique phrases, instead of letting the use > open the file, copy/paste, and start the install. > (maybe it's already the case...) > WP has a superb installer that takes care of most things with a web > interface, and these salting values are the only things that still > require manually changing wp-config.php. It's an API, it should be > machine-to-machine, not machine-to-human-to-copy-paste-in-file :)
Bad idea. It'd be safer to write a really good random number generator function into your installer program. Sending your secret keys over the internet kind of defeats the point, really. The secret-key generator on wp.org is a convenience, not intended to be the end-all be-all of security. Of course, this depends on how paranoid you truly are. ;-) -Otto _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
