play framework

Secret key gen prepends, should overwrite

Bug #606657 reported by Jim Menard on 2010-07-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	play framework	Fix Committed	Undecided	Erwan Loisant
	1.1	Fix Committed	Undecided	Erwan Loisant

Bug Description

When the "play secret" command generates a new secret key, it updates conf/application.conf with the new value. However, the new value does not replace the old, it is prepended. Example:

  $ grep 'application\.secret' conf/application.conf
  application.secret=OLD
  $ play secret
  ...
  ~ Keep the secret: NEW
  $ grep 'application\.secret' conf/application.conf
  application.secret=NEWOLD

The new value in the conf file should be, of course, just "NEW".

I don't think this is a security vulnerability at all, unless the code can't handle really long secret keys.

Erwan Loisant (eloisant) on 2010-07-19

Changed in play:
status:	New → Confirmed
assignee:	nobody → Erwan Loisant (eloisant)

Erwan Loisant (eloisant) on 2010-07-19

Changed in play:
status:	Confirmed → Fix Committed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.