authorDries Buytaert <dries@buytaert.net>2010-01-14 18:45:17 +0000
committerDries Buytaert <dries@buytaert.net>2010-01-14 18:45:17 +0000
commitf818dfe90847f350167055f6207befdc2e4e0f14 (patch)
tree69dbd521a79b971912f53bca339fa5060c62cbb8 /sites
parent913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff)
downloadbrdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.gz
brdo-f818dfe90847f350167055f6207befdc2e4e0f14.tar.bz2
- Patch #590656 by pwolanin, Pasqualle: harden one-time login links against vulnerability from disclosure of SQL backups, or SQL 'SELECT' injection.
Diffstat (limited to 'sites')
-rw-r--r--sites/default/default.settings.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index d8c3c72e8..15c41a725 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -168,6 +168,25 @@ $db_prefix = '';
$update_free_access = FALSE;
/**
+ * Salt for one-time login links and cancel links, form tokens, etc.
+ *
+ * This variable will be set to a random value by the installer. All one-time
+ * login links will be invalidated if the value is changed. Note that this
+ * variable must have the same value on every web server. If this variable is
+ * empty, a hash of the serialized database credentials will be used as a
+ * fallback salt.
+ *
+ * For enhanced security, you may set this variable to a value using the
+ * contents of a file outside your docroot that is never saved together
+ * with any backups of your Drupal files and database.
+ *
+ * Example:
+ * $drupal_hash_salt = file_get_contents('/home/example/salt.txt');
+ *
+ */
+$drupal_hash_salt = '';
+
+/**
* Base URL (optional).
*
* If you are experiencing issues with different site domains,
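Review bot: The example on the `$drupal_hash_salt = file_get_contents('/home/example/salt.txt');` line does not document the failure case. file_get_contents() returns FALSE when the file is missing or unreadable, and if the consuming code (not in this hunk) treats that as an empty salt, the site silently drops to the database-credentials fallback, which is the value the external file was meant to replace. The docblock should also say that the file's full contents, including any trailing newline, become the salt, so the file has to be byte-identical on every web server. I would add before the closing `*/` a line such as `* The file must be readable only by the web server user; if it cannot be read, the salt is empty and the fallback described above is used.` The bare ` *` line after the example can be dropped at the same time.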