Use Security::randomBytes(64) for the newKey

cakephp · Nov 13, 2016 · 615ae01 · 615ae01
1 parent e5005a3
commit 615ae01
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/Console/Installer.php b/src/Console/Installer.php
@@ -14,6 +14,7 @@
  */
 namespace App\Console;
 
+use Cake\Utility\Security;
 use Composer\Script\Event;
 use Exception;
 
@@ -174,17 +175,19 @@ public static function setSecuritySalt($dir, $io)
         $config = $dir . '/config/app.php';
         $content = file_get_contents($config);
 
-        $newKey = hash('sha256', $dir . php_uname() . microtime(true));
+        $newKey = hash('sha256', Security::randomBytes(64));
         $content = str_replace('__SALT__', $newKey, $content, $count);
 
         if ($count == 0) {
             $io->write('No Security.salt placeholder to replace.');
+
             return;
         }
 
         $result = file_put_contents($config, $content);
         if ($result) {
             $io->write('Updated Security.salt value in config/app.php');
+
             return;
         }
         $io->write('Unable to update Security.salt value.');