To the members of VB…

This is a quick post, but there was some changes made here which will require you to log in again. There was some security changes made to the current version of WordPress I’m using, such as a new cookie protocol.

The information below was sent through the wp-testers list a few hours ago, which requires users to re-log in again. It’s only for your protection. Anyway, here is the information regarding the changes…

(Cross-posted to hackers and testers)

A new cookie protocol has landed in trunk. This protocol is based on the one described here:
http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf

The cookie is laid out like so:

user name|expiration time|HMAC( user name|expiration time, k)
where k = HMAC(user name|expiration time, sk)
and where sk is a secret key

sk, the secret key, consists of a random string saved to the options table in a “secret” field and a user definable secret key specified in wp-config.php with the SECRET_KEY define. If SECRET_KEY is not defined, the DB connect info is used to construct SECRET_KEY. Cookies can be mass-expired by changing SECRET_KEY or “secret” in the options table.

This protocol requires the hash_hmac() function. This function is
available only in php 5.1.2 and later, so we added a php
implementation of it to compat.php. If you are using PHP versions < 5.1.2, let us know if you have any troubles with regard to hash_hmac().

The cookie design is still being discussed, so expect some more
changes. You can join the ongoing design discussion here:
http://trac.wordpress.org/ticket/5367#comment:29

So if you could please, go here and log in again:
http://vindictivebastard.com/wp-login.php

If anyone (that’s not a bastard bot) would like to Register, please go here:
http://vindictivebastard.com/wp-login.php?action=register

If you happen to have problems logging in, or forgot your password and the password “reminder” isn’t working for you. Please use the Contact page to let me know… Aight, I’m off for bed… later

Post a Comment or Leave a Trackback

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*