bbPress

bbPress support forums » Installation

so many secrets?

(4 posts)
  • Started 2 months ago by flywitness
  • Latest reply from _ck_
  • This topic is not resolved
  1. BB_SECRET_KEY

    BB_SECRET_SALT

    (database) secret

    What's the difference? What needs to match what for WP integration?
    Can we have some or one without the other? I'm confused.

    WP 2.6 -> BBP 1alpha

    Posted 2 months ago #
  2. Necessary for WP 2.6 -> BBP 1alpha:
    WordPress "auth" cookie key
    WordPress "secure auth" cookie key
    WordPress "logged in" cookie key

    Posted 2 months ago #
  3. Thanks for making the effort, but that's not what I asked.

    Posted 2 months ago #
  4. The cookies in bbPress 1.0 and WordPress 2.6 are based on recommendations from a security whitepaper by a top researcher.

    Half of the key used in the cookie is kept in the database and the other half of the key is kept in the configuration file (bb-config.php / wp-config.php).

    The idea is to make it harder for an attacker to compromise the system. They may gain file access but not db access or vice versa - therefore the other half is safe.

    When I say "half" it's not literal - but essentially the secret keys are "salted" with the secret salt. "Salting" is a much more complex operation than needs to be explained here (see Wikipedia).

    Posted 2 months ago #
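
A minimal sketch of the split-secret idea described in the last post, added here as an illustration and not taken from bbPress or WordPress code. The function names, the HMAC-SHA256 construction and the `user|expires|mac` cookie layout are assumptions, and all secrets are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample secrets; real ones are long random strings.
CONFIG_KEY = "constructed-key-kept-in-config-file"
DB_SALT = "constructed-salt-kept-in-database"
NOW = 1_700_000_000  # fixed, constructed clock value for a repeatable run


def _mac(payload: str, config_key: str, db_salt: str) -> str:
    # The signing key depends on BOTH stored parts; knowing one is not enough.
    key = hmac.new(db_salt.encode(), config_key.encode(), hashlib.sha256).digest()
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_cookie(user: str, expires: int, config_key: str, db_salt: str) -> str:
    payload = f"{user}|{expires}"
    return f"{payload}|{_mac(payload, config_key, db_salt)}"


def verify_cookie(cookie: str, now: int, config_key: str, db_salt: str) -> bool:
    parts = cookie.split("|")
    if len(parts) != 3:
        return False
    user, expires, mac = parts
    if not (expires.isascii() and expires.isdigit()) or int(expires) < now:
        return False
    expected = _mac(f"{user}|{expires}", config_key, db_salt)
    return hmac.compare_digest(mac.encode(), expected.encode())


def demo() -> dict:
    good = make_cookie("alice", NOW + 3600, CONFIG_KEY, DB_SALT)
    # Cookies signed by someone who holds only one of the two parts.
    file_only = make_cookie("admin", NOW + 3600, CONFIG_KEY, "guess")
    db_only = make_cookie("admin", NOW + 3600, "guess", DB_SALT)
    tampered = good.replace("alice", "admin", 1)
    return {
        "valid": verify_cookie(good, NOW, CONFIG_KEY, DB_SALT),
        "file_part_only": verify_cookie(file_only, NOW, CONFIG_KEY, DB_SALT),
        "db_part_only": verify_cookie(db_only, NOW, CONFIG_KEY, DB_SALT),
        "tampered_user": verify_cookie(tampered, NOW, CONFIG_KEY, DB_SALT),
        "expired": verify_cookie(good, NOW + 7200, CONFIG_KEY, DB_SALT),
        # A second application accepts the cookie only if both parts match.
        "other_app_other_salt": verify_cookie(good, NOW, CONFIG_KEY, "different-salt"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```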
