cleaned up config options a bit

2014-01-26 09:25:46 -05:00 · 2014-01-26 09:25:46 -05:00 · 795e019d0d
commit 795e019d0d
parent 493c43e0ed
2 changed files with 13 additions and 4 deletions
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@ -3,15 +3,22 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;

 /**
 * Forces extra security options when enabled
+ * 
+ * You must have Memcache enabled and configured & Memcache anti-dos configured to use this.
+ * 
+ *   Check -> Memcache configuration
+ *   Check -> Memcache anti resource-dos
+ *   
+ *   Runs a FILTER_VALIDATE_*TYPE on every parameter of bind_param
+ *   Verifies server vs. bound protocol/host/port set below
+ *   Enables memcache rate limiting of requests
+ *   Verifies client when creating/resuming from a session
 */
 $config['strict'] = true;
 $config['strict__enforce_ssl'] = false;
 $config['strict__bind_protocol'] = 'http';
 $config['strict__bind_host'] = 'localhost';
 $config['strict__bind_port'] = 80;
-// CHANGE THIS KEY
-define('strict__FIP_key', '45934debe4965c10c424254a2c8170df');
-// If you use this, you'll also have to change a key in public/index.php ... you'll see.

 /**
 * Do not edit this unless you have confirmed that your config has been updated!
--- a/public/index.php
+++ b/public/index.php
@ -19,9 +19,11 @@ limitations under the License.

 // Set a decently long SECURITY key with special chars etc
 define('SECURITY', '*)WT#&YHfd');
-// Disable the sechash check if you're sure, still checks if SECURITY defined as before
+// Whether or not to check SECHASH for validity, still checks if SECURITY defined as before if disabled
 define('SECHASH_CHECK', true);

+// Nothing below here to configure, move along...
+
 // change SECHASH every second, we allow up to 3 sec back for slow servers
 if (SECHASH_CHECK) {
  function fip($tr=0) { return md5(SECURITY.(time()-$tr).SECURITY); }