Is the Password Salt still needed?

Is the Password Salt still needed?

by Paul Lindgreen -
Number of replies: 2
Picture of Particularly helpful Moodlers

Over the past couple years I've upgraded moodle from 2.2->2.3->2.4->2.5->2.6->2.7

We used to provide a value for $CFG->passwordsaltmain = 'zzzzz';


Documentation states '..Important! If you are upgrading a site from 2.4 or below and you are already using a site-wide salt in your configuration file, you need to keep using it to ensure your existing users can still log in. ..'

Does this apply to my current upgrade from m2.7->2.8 seeing as I've been using it moodle since m2.2?

Or can I safely stop using the password salt without affecting exisiting users?

I get the impression its time to retire 'passwordsaltmain ' setting since 2.5 and on (I could have retired it in the last 2-3 upgrades).


=======

environment

moodle 2.7, windows 2008, IIS 7.5, php 5.5.6, MySQL 5.5.41

Average of ratings: -
In reply to Paul Lindgreen

Re: Is the Password Salt still needed?

by Usman Asar -
Picture of Plugin developers Picture of Testers

Paul, SALT password is not required, and I believe they were removing it from latest Moodle versions.

So far all the IIS based installations I did, never used SALT password and everything worked fine.

Average of ratings: Useful (1)
In reply to Usman Asar

Re: Is the Password Salt still needed?

by Paul Lindgreen -
Picture of Particularly helpful Moodlers

Thanks for the reassurance.

I see its not used in new installations, my concern was whether an older version that previously used it and was then upgraded still needs it, I get the impression it doesn't and user logins will not be affected.

Average of ratings: -