Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.16.14

Bug #6551 Secret key in conf.php not taken into account
Submitted: 2006-01-22 18:54 UTC
From: goethals_d at hotmail dot com Assigned: lsmith
Status: Closed Package: LiveUser
PHP Version: 5.0.4 OS: WXP
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 25 + 50 = ?

 
 [2006-01-22 18:54 UTC] goethals_d at hotmail dot com
Description: ------------ Set encryption mode to RC4 in configuration file. If the secret key is set to 'test', I can login. If I modify the secret key to 'word' without changing the DB contents, I can still login. Note that the password encrypted with LiveUser::Crypt_RC4 or the password encrypted with PEAR::Crypt_RC4 using the same secret key do not match. Test script: --------------- conf.php ... 'authContainers' => array( array( 'type' => 'MDB2', 'expireTime' => 3600, 'idleTime' => 1800, 'allowDuplicateHandles' => 0, 'allowEmptyPasswords' => 0, 'passwordEncryptionMode'=> 'RC4', 'secret' => 'test', ...

Comments

 [2006-01-23 12:29 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!