john.glover at okfn.org
Tue Feb 5 09:14:35 UTC 2013
It is used by the Python Paste library  that CKAN uses to manage cookie
authentication tickets. This follows the implementation used by the
mod_auth_tkt module for Apache . The secret is part of the MD5 checksum
that is used to validate a cookie, and so must be changed in order to
prevent a possible source of attack.
On 5 February 2013 00:26, Dimitrios Mexis <dimitrios.mexis at tenforce.com>wrote:
> Just to clarify this "who.ini".
> As we followed the instruction to copy the who.ini :
> We created users before this change. It seems alright.
> $ cp
> However it concerns us, why we need to change a "secretkey", and why it is
> called as such ?
> What does it do ?
> Should we take care something else ?
> Ecodp-dev mailing list
> Ecodp-dev at lists.okfn.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ecodp-dev