Installer: cleaned up CSS header; updated comments in config.php to not say that passwords are stored with AES (as they are now stored with HMAC-SHA1)
authorDan
Sat, 12 Dec 2009 17:30:46 -0500
changeset 1164 1cd9e6df6f27
parent 1163 1b90f6c41d9c
child 1166 b20ec1599bfe
Installer: cleaned up CSS header; updated comments in config.php to not say that passwords are stored with AES (as they are now stored with HMAC-SHA1)
install/images/css/installer.css
install/includes/payload.php
--- a/install/images/css/installer.css	Sat Dec 12 16:45:52 2009 -0500
+++ b/install/images/css/installer.css	Sat Dec 12 17:30:46 2009 -0500
@@ -1,7 +1,6 @@
 /*
  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.1
- * Copyright (C) 2006-2007 Dan Fuhry
+ * Copyright (C) 2006-2009 Dan Fuhry
  * Installation package
  * installer.css - visual styling rules for the installer
  *
--- a/install/includes/payload.php	Sat Dec 12 16:45:52 2009 -0500
+++ b/install/includes/payload.php	Sat Dec 12 17:30:46 2009 -0500
@@ -253,9 +253,12 @@
   define('ENANO_CONSTANTS', '');
 }
 
-// The AES encryption key used to store passwords. We have a very specific
-// reason for doing this; see the rationale at:
+// The AES encryption key used for encrypting various bits of information,
+// such as cookies, that should not be editable by users. Read about
+// Enano's security model at:
 //   http://docs.enanocms.org/Help:Appendix_B
+// This key was at one point used for passwords as well, but this is no
+// longer true.
 \$crypto_key = '$site_key';
 
 EOF;