手册:$wgSessionInsecureSecrets
| 此功能已在版本1.43.0中完全移除。 |
| 安全: $wgSessionInsecureSecrets | |
|---|---|
| Allows MediaWiki to work at the cost of storing sensitive session data insecurely. |
|
| 引进版本: | 1.27.0 (Gerrit change 285438; git #0b8b539a) |
| 移除版本: | 1.43.0 (Gerrit change 1027531; git #e4127e58) |
| 允许的值: | (布尔值) |
| 默认值: | false |
| 其他设置: 按首字母排序 | 按功能排序 | |
Details
$wgSessionInsecureSecrets! 请注意:安装OpenSSL扩展是最佳解决方法。MediaWiki will not work out of the box if the PHP openssl extension is not available on the server. If for some reason you cannot install one of these extensions, you can set $wgSessionInsecureSecrets to "true" to make MediaWiki work again. This comes at the cost of storing sensitive session data insecurely.
If one of the two extensions is installed, $wgSessionInsecureSecrets is not set, but none of the cipher algorithms, which MediaWiki supports, is available in that extension, you will get this error message:
Warning: openssl_encrypt(): Unknown cipher algorithm in /wiki/includes/session/Session.php on line 424
This can be fixed like so: In order for OpenSSL to be able to work correctly, you will need one of these cipher algorithm: aes-256-ctr or aes-256-cbc. If you are using mcrypt, it needs to support the rijndael-128 algorithm and either ctr or cbc mode.