Skip to content

Throw an error if a custom Auth Secret has not been set #87

New issue
New issue
Open
Open
Throw an error if a custom Auth Secret has not been set#87
Labels
effort: lowimpact: highunblocks new usecases, substantial improvement to existing feature, fixes a major bug
@jasonbahl

Description

@jasonbahl
jasonbahl
opened on Apr 1, 2020

Leaving the default Auth Secret makes it easy for Auth Tokens to be forged and attackers to gain access to a site.

This plugin should throw an Exception if the Auth Secret has not been set via filter or the constant.

Metadata

Metadata

Assignees

No one assigned

    Labels

    effort: lowimpact: highunblocks new usecases, substantial improvement to existing feature, fixes a major bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions