Commit
Fix #14087: Installation: create a cryptographically secure master salt
Commit 3f0f379 automatically generated a value for $g_crypto_master_salt during installation based on a very weak mechanism -- an MD5 hash of the current server time. This commit correctly generates a 256-bit cryptographically secure salt instead, based on a much stronger source of randomness such as OpenSSL's PRNG or /dev/urandom on Linux systems.

When a secure salt cannot be generated the user will need to manually define $g_crypto_master_salt post installation.

Carriage return characters have also been removed from the default generated config_inc.php file. These characters are redundant and do not match the line termination standard used throughout MantisBT's code base.
1 parent
3f0f379
commit caf21ad
Showing 1 changed file with 21 additions and 14 deletions.
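The approach the commit message describes, sketched as an added example (this is not MantisBT's code and not the content of this commit). The function names, the base64 encoding of the result and the reconstruction of the weak pattern are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not MantisBT's.
const SALT_BYTES = 32; // 256 bits

// Illustration of the weak pattern: the only input is the install time,
// so the result is predictable to anyone who can estimate that time.
function weak_salt(): string {
    return md5((string) time());
}

// Returns a base64-encoded 256-bit salt, or null when no secure source
// is available. Null means the administrator must define
// $g_crypto_master_salt manually; there is no silent weak fallback.
function generate_master_salt(): ?string {
    // Source 1: OpenSSL's PRNG, accepted only when flagged as strong.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(SALT_BYTES, $strong);
        if ($bytes !== false && $strong === true
                && strlen($bytes) === SALT_BYTES) {
            return base64_encode($bytes);
        }
    }
    // Source 2: the kernel CSPRNG on Linux and similar systems.
    if (@is_readable('/dev/urandom')) {
        $fh = @fopen('/dev/urandom', 'rb');
        if ($fh !== false) {
            stream_set_read_buffer($fh, 0); // read only what is needed
            $bytes = fread($fh, SALT_BYTES);
            fclose($fh);
            // A short read is treated as failure, never padded.
            if ($bytes !== false && strlen($bytes) === SALT_BYTES) {
                return base64_encode($bytes);
            }
        }
    }
    return null;
}

$salt = generate_master_salt();
if ($salt === null) {
    echo "No secure random source found; "
       . "define \$g_crypto_master_salt manually.\n";
} else {
    // 32 random bytes encode to 44 base64 characters.
    echo "Generated a salt of " . strlen($salt) . " characters.\n";
}
```

On PHP 7 and later, `random_bytes()` draws from the operating system's CSPRNG and can replace both sources above.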