[Typo3] encryptionKey value comprimised! - security issue
darrylk at ywam.no
Wed Jul 6 17:02:19 CEST 2005
I have discovered that my enryptionKey is being revealed through the urls in indexed search results. Kind of scary!
A similiar situation was reported recently by Steven...
Though in my case I am still using 3.7.0 and have not yet upgraded to 3.8.0.
In the install configuration it says:
--- quote ---
This is a "salt" used for various kinds of encryption, CRC checksums and validations. You can enter any rubbish string here but try to keep it secret. You should notice that a change to this value might invalidate temporary information, URLs etc. At least, clear all cache if you change this so any such information can be rebuild with the new key.
--- end quote ---
Sounds good - but not so good that it is being revealed in the indexed search results!
Any ideas how to get to the root of this issue?
- Darryl Krause (darrylk)
The mailing list archive is found here:
More information about the TYPO3-english