Gaurav Sharma
Reputation: 2848
Is it safe to change the 'Security.salt' line to a more lengthy string {64 hex key}
I have changed the
Configure::write('Security.salt', '############');config/core.php
file to a '256-bit hex key'. Is it safe or a good practice to change these lines for every different installation of cakephp application or shall I revert back to the original ?
I also changed the
Configure::write('Security.cipherSeed','7927237598237592759727');Please throw some light on this.
Thanks
Upvotes: 0
Views: 1338
Answers (1)
nduplessis
Reputation: 12436
It is absolutely necessary that you change the salt values. When you do a clean install of CakePHP the default home page will give a warning if you have not changed the salt value.
On the salt length, see this discussion: What is the optimal length for user password salt?
Upvotes: 3
Related Questions
- fetch security salt in cakephp 3
- In CakePHP, Is there a safer way to store secrets in database.php and core.php?
- Installation error: Please change the value of 'Security.salt' in app/config/core.php to a salt value specific to your application
- Security.salt value in controller
- Configuration setting 'Security.level' in CakePHP 2.x still used?
- Cakephp: How to change the salt and cipherseed after the application is live
- Security salt issues with CakePHP
- Why should we change the Security Salt value in CakePHP?
- Disabling Security Salt for plain MD5 hashing in AuthComponent?
- Using cakephp's Auth component with salted password hashes