mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-23 21:18:19 +01:00
93e6dc1c1d
Summary:
Ref T12509.

- Upgrade an old SHA1 to SHA256.
- Replace an old manually configurable HMAC key with an automatically generated one.

This is generally both simpler (less configuration) and more secure (you now get a unique value automatically).

This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog.

If you leaked a bunch of addresses, you could force a change here by mucking around with `phabricator_auth.auth_hmackey`, but AFAIK no one has ever used this value to react to any sort of security issue.

(I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.)

Test Plan: Grepped for removed config. I'll vet this pathway more heavily in upcoming changes.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T12509

Differential Revision: https://secure.phabricator.com/D19945
book
contributor
flavor
tech
user