Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(secret): improve secret default behavior #369

Merged
merged 3 commits into from
Sep 29, 2023
Merged

fix(secret): improve secret default behavior #369

merged 3 commits into from
Sep 29, 2023

Conversation

RyanHolstien
Copy link
Contributor

Improves the default security of a non-specified randomly generated key for clusters.

Checklist

  • The PR conforms to DataHub's Contributing Guideline (particularly Commit Message Format)
  • Links to related issues (if applicable)
  • Tests for the changes have been added/updated (if applicable)
  • Docs related to the changes have been added/updated (if applicable)

@RyanHolstien RyanHolstien added the enhancement New feature or request label Sep 19, 2023
@RyanHolstien RyanHolstien self-assigned this Sep 19, 2023
@Gerrit-K
Copy link
Contributor

Gerrit-K commented Sep 29, 2023
edited
Loading

I just stumbled over this one and I'm curious: is this the cause fix for the following log in the fronend?

Your secret key is very short, and may be vulnerable to dictionary attacks.  Your application may not be secure.
The application secret should ideally be 32 bytes of completely random input, encoded in base64.
To set the application secret, please read http://playframework.com/documentation/latest/ApplicationSecret

@pedro93
Copy link
Contributor

pedro93 commented Sep 29, 2023

Hello Gerrit, the pr should help with the message yes

@RyanHolstien RyanHolstien merged commit e725085 into acryldata:master Sep 29, 2023
@RyanHolstien RyanHolstien deleted the fix/secretValueDefault branch September 29, 2023 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pedro93 pedro93 pedro93 approved these changes

@david-leifker david-leifker Awaiting requested review from david-leifker

Assignees

@RyanHolstien RyanHolstien

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RyanHolstien @Gerrit-K @pedro93