Manual talk:$wgProxyKey

From mediawiki.org

If this variable is considered to be deprecated for versions >= 1.4.0, why does the wizard that runs when you set up a new wiki produce a LocalSettings.php file which still uses that variable?

--141.41.37.95 14:08, 20 September 2006 (UTC)

Very good question. In the latest version of the installer, $wgProxyKey is still being used, not $wgSecretKey. What's up with that? Which one should we be using? --TonyV 03:29, 1 February 2007 (UTC)
This is logged as bugzilla:8783. --HappyDog 18:41, 7 February 2007 (UTC)

What was this for?

Deprecated or not, it would be good to know what this value was used for. Could a short explanation be written for posterity? --Gadlen 16:14, 15 March 2007 (UTC)

Note

I disclaim everything here. This is only my opinion!!!

ProxyTools.php and SpecialBlockme.php were therefore bypassed when $wgProxyKey is false. The result is that when some proxy options were enabled, many sysops reported "hostile TCP port scans" and other major problems of proxies. Therefore, $wgProxyKey is deprecated.

$wgSecretKey: This value is used to generate a persistent cookie for authentication that is resilient to spoofing by generating a random code in User.php and therefore bypassing the two above PHP files of proxy.

Improved documentation in this matter would be good. After all, someone who is capable of figuring out spoofing attacks may be lucky enough to receive an admin account.

The following is only a LocalSettings.php example.

$wgSecretKey = "d90f73457903d8g4wcf5t8efow467809d53ffg7w49048t0w57vb390";