Secret key gen prepends, should overwrite
Bug #606657 reported by
Jim Menard
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
play framework |
Fix Committed
|
Undecided
|
Erwan Loisant | ||
1.1 |
Fix Committed
|
Undecided
|
Erwan Loisant |
Bug Description
When the "play secret" command generates a new secret key, it updates conf/applicatio
$ grep 'application\
application.
$ play secret
...
~ Keep the secret: NEW
$ grep 'application\
application.
The new value in the conf file should be, of course, just "NEW".
I don't think this is a security vulnerability at all, unless the code can't handle really long secret keys.
Changed in play: | |
status: | New → Confirmed |
assignee: | nobody → Erwan Loisant (eloisant) |
Changed in play: | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.