Hi Nuwan, We have done a immediate fix for the issue(by Darshana) with PR : https://github.com/wso2/carbon-identity/pull/1432.
Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka On Tue, Nov 17, 2015 at 3:30 PM, Pushpalanka Jayawardhana <[email protected]> wrote: > Hi Nuwan, > > We are going forward with not encrypting the consumer key. Started > working on this will be tracked via [1]. > There are few more encryption concerns related to session store and > authorization code storage as well. Will provide the details of the > approach to be taken ASAP. > > [1] - https://wso2.org/jira/browse/IDENTITY-4088 > > Thanks, > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: > lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka > > > On Tue, Nov 17, 2015 at 10:39 AM, Nuwan Dias <[email protected]> wrote: > >> Hi IS folks, >> >> We talked about avoiding the encryption of the consumer key to avoid the >> issue originally raised on this mail thread. Are we going ahead with that >> decision? It still encrypts it on carbon-identity_5.0.2 release. >> >> Please note that this results in a blocking issue for the release of API >> Manager 1.10.0. Therefore we either need to stop encrypting it altogether >> or find another solution for this problem. And we need it ASAP :) >> >> Thanks, >> NuwanD. >> >> On Tue, Oct 20, 2015 at 2:38 PM, Nuwan Dias <[email protected]> wrote: >> >>> Hi, >>> >>> When we enable key encryption for OAuth keys, the clientId is encrypted >>> in the IDN_OAUTH_CONSUMER_APPS table. But it is left in plain text in the >>> INBOUND_AUTH_KEY column of the SP_INBOUND_AUTH table. This happens in >>> carbon-identity_4.6.0-M2 release. Should not values in both columns be >>> encrypted? >>> >>> Thanks, >>> NuwanD. >>> >>> -- >>> Nuwan Dias >>> >>> Technical Lead - WSO2, Inc. http://wso2.com >>> email : [email protected] >>> Phone : +94 777 775 729 >>> >> >> >> >> -- >> Nuwan Dias >> >> Technical Lead - WSO2, Inc. http://wso2.com >> email : [email protected] >> Phone : +94 777 775 729 >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
