Can someone can securely stop setting "auth.settings.hmac_key"? #354
Description
Quote from the book :
Where it was set to something like "sha512:a-pass-phrase" and passed to the CRYPT validator for the
"password" field of the auth_user table, providing the algorithm and a-pass-phrase used to hash the
passwords. However, web2py no longers needs this setting because it handles this automatically.
Ref.: http://web2py.com/books/default/chapter/29/9#Auth-Settings-and-messages
I suggest we add a sentence saying if we can or not remove auth.settings.hmac_key = "SOMEKEY" for an existing app without having issue with password already created... If we can securely remove it, we could suggest how to proceed to remove it or point to other section of the book about that