Commit a3ddfd30 authored by Kristina Hoeppner's avatar Kristina Hoeppner
Browse files

Add info about warnings on Site administration

parent 025c7549
.. include:: /shortcuts.rstext
.. index::
pair: Site administration; Overview
......@@ -21,6 +23,19 @@ You see all administrative items on the main page of the site administration.
Site administration overview page
.. index::
single: Site administration; Warnings
single: New in Mahara 1.5; Warning about small PHP session entropy length
Warnings
~~~~~~~~~~~
After you have installed Mahara, you may see a number of warnings when you go to the *Site administration*. They should all be resolved to ensure that your site is secure and has all the necessary settings.
#. |new15| **Session entropy length**: Your PHP session.entropy_length setting is too small. Set it to at least 16 in your php.ini to ensure that generated session IDs are random and unpredictable enough. You can learn more about this advisory on the `OWASP session management cheatsheet <https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Properties>`_.
#. **Noreply email address**: If the system email address is empty or a malformed email address, you are asked to check and correct it in the `system mail address setting <email_settings>`.
#. **Site-wide password salt**: If you do not have one set, please edit your config.php and set the "passwordsaltmain" parameter to a reasonable secret phrase: ``$cfg->passwordsaltmain = 'your secret phrase here';``
.. index::
Registration with Mahara
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment