Hi,
While checking newly installed OJS 3, I have come across with salt. In the security section, there is a field:
salt YouMustSetASecretKeyHere!!
Should I change that? If yes, with what? Is there salt generators? Is there any specific criteria for it. Thank you.
Regards,
Emre.
pkel
November 16, 2016, 12:00pm
2
Hello,
change this to something random. You can use a password generator like the one in duckduckgo .
Best,
Patrik
2 Likes
bozana
November 16, 2016, 1:55pm
3
And DON’T lose it then! If you lose it, all passwords will have to change again, I believe
The config.inc.php documentation suggests that this salt is only used for password resets, and I think that is correct. The passwords themselves are not dependent on this value.
bozana
November 16, 2016, 3:52pm
5
Aaaaaaa… I thought it is used for all passwords hashes… Sorry!