Secure session variable generation #7

Merged
merged 2 commits into from Jun 12, 2012

Contributor

thefotios commented Jun 11, 2012

Modified the wp-config.php script to generate more secure variables.

First, it ensures we are running the app on OpenShift. Then it checks for OPENSHIFT_SECRET_TOKEN or creates it by generating a SHA256 hash of OPENSHIFT_APP_NAME + OPENSHIFT_APP_UUID.

It then generates secure variables by seeding the RNG with that hash and the name of the variable to generate and creating a random string from the RNG.
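The derivation described in the comment above, as an added example that is not the pull request's or the project's own code. It assumes HMAC-SHA256 in place of the seeded RNG, uses the standard WordPress key and salt constant names, and the function names and sample environment values are hypothetical and constructed.

```php
<?php
// Added example, not the PR's code. Function names are hypothetical.

// Return OPENSHIFT_SECRET_TOKEN, or the fallback the PR describes:
// SHA256 of OPENSHIFT_APP_NAME + OPENSHIFT_APP_UUID.
function openshift_secret_token(): string
{
    $token = getenv('OPENSHIFT_SECRET_TOKEN');
    if ($token !== false && $token !== '') {
        return $token;
    }
    $name = getenv('OPENSHIFT_APP_NAME');
    $uuid = getenv('OPENSHIFT_APP_UUID');
    if ($name === false || $uuid === false) {
        throw new RuntimeException('OpenShift environment not detected');
    }
    // The fallback is only as unpredictable as the name and UUID are.
    return hash('sha256', $name . $uuid);
}

// Derive a stable, per-variable value from the token.
// Assumption: HMAC-SHA256 stands in for "seed the RNG with hash + name".
function derive_secret(string $token, string $variable, int $length = 64): string
{
    $out = '';
    for ($block = 0; strlen($out) < $length; $block++) {
        $out .= hash_hmac('sha256', $variable . ':' . $block, $token);
    }
    return substr($out, 0, $length);
}

// Constructed sample environment so the script runs outside OpenShift.
if (getenv('OPENSHIFT_APP_NAME') === false) {
    putenv('OPENSHIFT_APP_NAME=wordpress');
    putenv('OPENSHIFT_APP_UUID=00000000000000000000000000000000');
}

$token = openshift_secret_token();
$variables = ['AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
              'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT'];
foreach ($variables as $variable) {
    if (!defined($variable)) {
        define($variable, derive_secret($token, $variable));
    }
}

// The same token and name always reproduce the same value;
// two different variable names never share one.
var_dump(AUTH_KEY === derive_secret($token, 'AUTH_KEY'));
var_dump(AUTH_KEY === AUTH_SALT);
```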

Fotios Lindiakos added some commits Jun 11, 2012

Contributor

thefotios commented Jun 11, 2012

Will wait to pull this request until testing comes back. An easy way to see the affected variables is to merge this branch: https://github.com/fotioslindiakos/wordpress-example/tree/secure_session_test

It dumps the variables to the index.php page (obviously we won't include that in the merge).

gshipley added a commit that referenced this pull request Jun 12, 2012

gshipley Merge pull request #7 from fotioslindiakos/secure_session
Secure session variable generation
1a2c4e6

gshipley merged commit 1a2c4e6 into openshift-quickstart:master Jun 12, 2012

@fotioslindiakos does this commit mean that I don't need to seed my own set of tokens from https://api.wordpress.org/secret-key/1.1/salt/ ?
