summaryrefslogtreecommitdiffstats
path: root/sites
diff options
context:
space:
mode:
authorDries Buytaert2010-01-14 18:45:17 (GMT)
committerDries Buytaert2010-01-14 18:45:17 (GMT)
commitf818dfe90847f350167055f6207befdc2e4e0f14 (patch)
tree69dbd521a79b971912f53bca339fa5060c62cbb8 /sites
parent913f2c3a3e3ed55b33f2fffeeec407520aa5d62a (diff)
- Patch #590656 by pwolanin, Pasqualle: harden one-time login links against vulnerability from disclosure of SQL backups, or SQL 'SELECT' injection.
Diffstat (limited to 'sites')
-rw-r--r--sites/default/default.settings.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index d8c3c72..15c41a7 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -168,6 +168,25 @@ $db_prefix = '';
$update_free_access = FALSE;
/**
+ * Salt for one-time login links and cancel links, form tokens, etc.
+ *
+ * This variable will be set to a random value by the installer. All one-time
+ * login links will be invalidated if the value is changed. Note that this
+ * variable must have the same value on every web server. If this variable is
+ * empty, a hash of the serialized database credentials will be used as a
+ * fallback salt.
+ *
+ * For enhanced security, you may set this variable to a value using the
+ * contents of a file outside your docroot that is never saved together
+ * with any backups of your Drupal files and database.
+ *
+ * Example:
+ * $drupal_hash_salt = file_get_contents('/home/example/salt.txt');
+ *
+ */
+$drupal_hash_salt = '';
+
+/**
* Base URL (optional).
*
* If you are experiencing issues with different site domains,