drupal-project icon indicating copy to clipboard operation
drupal-project copied to clipboard

Published 20 hours ago verified publisher icon drupal-composer

Generate hash_salt while install

Open zviryatko opened this issue 9 years ago • 3 comments

If you have an active project based on this repo and someone has cloned it and running locally he gets php throwable error, because Drupal is required a hash salt. So is it secure to generate hash_salt in post-install script via this command? echo "\$settings['hash_salt'] = '$(php -r 'print bin2hex(openssl_random_pseudo_bytes(32, $cstrong = TRUE));')';" >> web/sites/default/settings.php

zviryatko avatar Dec 25 '15 07:12 zviryatko

openssl_random_pseudo_bytes is available in php 5.3 and later, so seems good to me.

Maybe we should first check to see if settings.php already defines 'hash_salt'?

greg-1-anderson avatar Jan 29 '16 22:01 greg-1-anderson

We can put it into this check: if [ ! -f web/sites/default/settings.php ].

zviryatko avatar Jan 29 '16 22:01 zviryatko

The code that preps and copies settings.php in scripts/composer/ScriptHandler.php is in a conditional check for settings.php already existing. So why does running composer require wipe my salt value?

FatherShawn avatar Aug 29 '17 10:08 FatherShawn