Bug #21856

closed

Salt keys missing from Reclaim server

Added by Raymond Hoh 16 days ago. Updated 12 days ago.

Status: Resolved
Priority name: Normal
Assignee: -
Category name: Security
Target version:
Start date: 2025-01-24
Due date:
% Done: 0%
Estimated time:
Deployment actions:

Description

While working on the new multisite SSO approach in https://redmine.gc.cuny.edu/issues/21797#note-27, I noticed that we do not have WP salt keys defined in cac-env-config.php.

Let's add some randomized salts from https://api.wordpress.org/secret-key/1.1/salt/. However, when we do, all current login sessions will be invalidated, so this should be done when there is less activity on the site. Once we've added the salts, we can test the new multisite SSO approach as well.
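A pre-deployment check for the change described above, added here as an illustration and not part of the original ticket or the project's code: it scans the text of a PHP config file such as cac-env-config.php and reports which of the eight WordPress key and salt constants are missing, still set to the sample placeholder, too short, or reused. The function name `audit_salts`, the 64-character minimum, and the sample input are assumptions of this example.

```python
import re

# The eight constants WordPress reads for auth cookies and nonces.
SALT_CONSTANTS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
MIN_LENGTH = 64  # assumption: matches the length issued by the salt endpoint

# Matches define( 'NAME', 'value' ); at the start of a line, so a line that is
# commented out with // or # is ignored. Block comments are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""",
    re.MULTILINE,
)


def audit_salts(php_source):
    """Return {constant: problem} for every salt constant that is not usable."""
    defined = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(php_source)}
    problems = {}
    seen = {}  # value -> first constant that used it
    for name in SALT_CONSTANTS:
        value = defined.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            problems[name] = "duplicate of " + seen[value]
        else:
            seen[value] = name
    return problems


if __name__ == "__main__":
    # Constructed sample: two constants defined, one still the placeholder.
    sample = (
        "<?php\n"
        "define( 'AUTH_KEY', 'put your unique phrase here' );\n"
        "define( 'NONCE_SALT', '" + "x" * 64 + "' );\n"
    )
    for name, problem in audit_salts(sample).items():
        print(name, problem)
```

An empty result means all eight constants are defined with distinct, full-length values; the check never prints the secret values themselves.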

Actions #1

Updated by Boone Gorges 16 days ago

Sounds good, Ray. I'll leave this to you to implement. (I believe WP generates salts and keeps them in the database when none are found in the config, but putting them in cac-env-config.php is definitely a better solution.)

Actions #2

Updated by Boone Gorges 12 days ago

  • Target version changed from 2.5.1 to 2.5.2

Actions #3

Updated by Raymond Hoh 12 days ago

  • Status changed from New to Resolved

Forgot to close this one during multisite SSO testing.
