[ https://issues.apache.org/jira/browse/SHINDIG-491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12619438#action_12619438 ]

Chris Chabot commented on SHINDIG-491:
--------------------------------------

Hmm, but then people who don't read the manual (and they never do :P) won't have 
a visible clue that they should in fact generate a key.

I'm a bit fearful that if we make a 'default key' (which is publicly available, 
so anyone can use it to spoof requests with), there will be live containers 
that use it since they never realized they should make their own.

So from a sample container point of view I agree, but I'm too afraid that it 
will cause real security issues to think that that's the solution; from that 
point of view I think an exception is exactly what we need :)

> Improper handling of Key
> ------------------------
>
>                 Key: SHINDIG-491
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-491
>             Project: Shindig
>          Issue Type: Bug
>         Environment: windows
>            Reporter: impetus technologies
>            Assignee: Chris Chabot
>         Attachments: SigningFetcherFactory.php.patch
>
>
> Hi,
> In SigningFetcherFactory.php "openssl_pkey_get_private()" method should be 
> called in case of a proper key if it is blank or not a key then it should not 
> be called. So it should be inside the "else". I have submitted this patch 
> previously with issue Shindig-477 on 2008-07-28. It was committed too. But I 
> think during the cache code cleaning it was missed.
> Patch is attached for the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
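
The fail-closed behaviour discussed in this thread, as an added example that is not Shindig's code or the attached patch: the key loader throws when the key is missing, blank or unparsable, and calls `openssl_pkey_get_private()` only on non-empty content. The function name `loadSigningKey()`, its parameters and the messages are hypothetical.

```php
<?php
// Added illustration only. loadSigningKey() and its parameters are hypothetical
// names, not taken from SigningFetcherFactory.php.
function loadSigningKey(string $keyFile, string $passphrase = '')
{
    // No bundled fallback key: a missing key is a configuration error.
    if ($keyFile === '' || !is_readable($keyFile)) {
        throw new RuntimeException(
            'No signing key configured: generate your own private key for this container.'
        );
    }

    $pem = trim((string) file_get_contents($keyFile));
    if ($pem === '') {
        // Blank key file: do not call OpenSSL at all.
        throw new RuntimeException("Signing key file '$keyFile' is empty.");
    }

    // Only real content reaches OpenSSL.
    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        throw new RuntimeException(
            "Signing key file '$keyFile' is not a usable private key: " . openssl_error_string()
        );
    }
    return $key;
}

// Constructed sample input: an empty temporary file standing in for an
// unconfigured key. The loader refuses to start instead of signing with a default.
$emptyKeyFile = tempnam(sys_get_temp_dir(), 'key');
try {
    loadSigningKey($emptyKeyFile);
} catch (RuntimeException $e) {
    echo 'Refusing to sign requests: ', $e->getMessage(), PHP_EOL;
} finally {
    unlink($emptyKeyFile);
}
```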