[Typo3] encryptionKey value comprimised! - security issue

Darryl Krause darrylk at ywam.no
Wed Jul 6 17:02:19 CEST 2005

Hi list

I have discovered that my enryptionKey is being revealed through the urls in indexed search results. Kind of scary!

A similiar situation was reported recently by Steven...

Though in my case I am still using 3.7.0 and have not yet upgraded to 3.8.0.

In the install configuration it says:
--- quote ---
This is a "salt" used for various kinds of encryption, CRC checksums and validations. You can enter any rubbish string here but try to keep it secret. You should notice that a change to this value might invalidate temporary information, URLs etc. At least, clear all cache if you change this so any such information can be rebuild with the new key.
--- end quote ---

Sounds good - but not so good that it is being revealed in the indexed search results!

Any ideas how to get to the root of this issue?

- Darryl Krause (darrylk)

The mailing list archive is found here:

More information about the TYPO3-english mailing list