Details
-
Type:
New Feature
-
Status: Done/Fixed
-
Priority:
Trivial
-
Resolution: Fixed/Completed
-
Affects Version/s: 3.3.2
-
Fix Version/s: 3.4.alpha
-
Component/s: None
-
Labels:None
Description
In templates/CRM/common/civicrm.settings.php.tpl, the site key is hardcoded to null:
define( 'CIVICRM_SITE_KEY', null );
For Aegir, we would like to generate it automatically, so it should be a variable:
define( 'CIVICRM_SITE_KEY', '%%siteKey%%' );
Places (that I could find) that check the siteKey in the code test "if ($siteKey)" and that the length is more than 8 characters, so even if it gets set to '', it should not cause security issues.
Another option, imho, is that CiviCRM could generate the key during install. Would it be a security issue? It would make it one less configuration step for people who configure CiviCRM (without Aegir/drush).
Thanks,
matt / bgm