You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2017/11/05 17:27:02 UTC
svn commit: r1814362 -
/ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
Author: jleroux
Date: Sun Nov 5 17:27:01 2017
New Revision: 1814362
URL: http://svn.apache.org/viewvc?rev=1814362&view=rev
Log:
Documented: Secure the login.secret_key_string
(OFBIZ-9966)
No functional change, this completes the previous commit
Modified:
ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
Modified: ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java?rev=1814362&r1=1814361&r2=1814362&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java Sun Nov 5 17:27:01 2017
@@ -72,6 +72,7 @@ public class LoginEvents {
// OOTB the loginSecretKeyString is not properly initialised and can not be OOTB.
// The best way to create the loginSecretKeyString is to use a temporary way to load in a static final key when compiling.
// This is simple and most secure. One of the proposed way is to use sed and uuidgen to modify the loginSecretKeyString value
+ // This: sed -i /loginSecretKeyString/s//$(uuidgen)/\2 applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
// The magic words here are TEMPORARY and FINAL!
private static final String loginSecretKeyString = "loginSecretKeyString";