I know, but isn't other default (non-random) value would be a priori known?
Random value isn't good for cluster deployments, as was already mentioned before. So by default the HMAC signature wouldn't be much secure (if key equals to default), but at least it will work in cluster the same way as assets do (using application version). If you want more secure signatures you may specify passphrase explicitly also. On Fri, Oct 5, 2012 at 1:57 PM, Massimo Lusetti <[email protected]> wrote: > On Fri, Oct 5, 2012 at 9:35 AM, Dmitry Gusev <[email protected]> > wrote: > > > Can't we just use application version by default? > > The whole point here is to protect against tampered data, so a known > value is useless. > > Cheers > -- > Massimo > http://meridio.blogspot.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Dmitry Gusev AnjLab Team http://anjlab.com
