Joomla.it Forum

Joomla! 1.0.x (versione con supporto terminato) => Le voci di Joomla.it (solo per versione Joomla 1.0.x) => : TH3WiZARD 14 Dec 2006, 23:48:51

: Parola segreta
: TH3WiZARD 14 Dec 2006, 23:48:51

Salve

Se vado in Impostazioni globali >> server trovo la voce "parola segreta"
a questa voce un codice "naturalmente segreto...!!!" :)
a che serve?

arrivederci
grazie

: Re: Parola segreta
: gallus 15 Dec 2006, 08:06:06

E' un... segreto  ;D

: Re: Parola segreta
: carlodamo 06 Feb 2007, 17:12:51

stavo facendo il corso on-line di franco, in una lezione ci dice di cambiare IMMEDIATAMENTE la parola segreta del sito non appena carichiamo il sito stesso sul server.
ma bisogna farlo? Mi sembrava di aver letto che non aveva implicazioni....

: Re: Parola segreta
: giak 06 Feb 2007, 22:22:46

sposto in una sezione piu' consona

: Re: Parola segreta
: joomlapixel 06 Feb 2007, 23:24:15

La questione prendeva spunto proprio da indicazioni dei developer e credo fosse legata all'eventualitā che il codice generato potesse essere utilizzato in maniera fraudolenta,ma credo (e chiedo anche l'intervento dei programmers a smentirmi o meno) che non si sia mai verificato niente a questo livello.
fd

: Re: Parola segreta
: kappe 07 Feb 2007, 08:42:38

La parola segreta viene utilizzata per algoritmi di sicurezza:



Secret Word: This is a unique alpha-numeric code for every Joomla! installation. It is created when Joomla! is first installed. It is used for security functions. See below...

warning_711_small Warning: If it was necessary to create the configuration.php file from the configuration.php-dist file included with every installation of Joomla! then it is recommended to edit the default Secret Word to something else to make the installation more secure. Find the entry mosConfig_secret and edit accordingly.

Ora che sappiamo cosa č MosConfig secret, vwsiamo a cosa serve:

Session Authentication Method: Control how Session Authentication is handled within Joomla!. Select one of three options the first of which is the default level:

    * Level 3 Security - Highest and default.
    * Level 2 Security - Allow for proxy IP's.
    * Level 1 Security - Backward Compatibility.

Level 3 Security creates a session_id  based on the mosConfig_secret reference + a Random Number + the Users Full IP address + the User Agent reference.

Level 2 Security creates a session_id based on the mosConfig_secret reference + a Random Number + the Users Subnet IP address + the User Agent reference. This was developed to assist web sites whose Users may primarily connect via AOL or are behind a Proxy bank. This is a less secure option than Level 3.

Level 1  Security creates a session_id based only on a Random Number + the Users Full IP address. This is an old and outdated way of doing things. This is the least secure method and should not really be considered.

In the above descriptions the following describes the individual element:

    * User Agent information is based on the browser and system that a User is connecting to the web site with. It might look like this:

    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

    * mosConfig_secret is a random alpha-numeric code generated when a Joomla! web site is first installed. This is a fairly unique identifier of each Joomla! web site. See Security Word above.