Bug #6266

Config of security/cryptography/hashService/encryptionKey

Added by Georg Ortner over 5 years ago. Updated almost 5 years ago.

Status: Resolved
Start date: 2010-01-28
Priority: Should have
Due date:
Assigned To: Karsten Dambekalns
% Done: 100%
Category: Configuration
Target version: TYPO3 Flow Base Distribution - 1.0 alpha 8
PHP Version:
Complexity:
Has patch:
Affected Flow version:

Description

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: 'change this to something *really* unique!'

If someone changes this in the global configuration it's going to be overwritten by Packages/Framework/FLOW3/Configuration/Settings.yaml with an empty string.

    cryptography:
      hashService:
        # A key used for various tasks, must be unique for a setup!
        encryptionKey:

I think this is not how it's supposed to be? Or am I wrong?

Configuration.tar (3.1 kB) Georg Ortner, 2010-02-05 13:17


Related issues

duplicated by TYPO3.Flow - Bug #6894: F3\FLOW3\Security\Exception\MissingConfigurationException... Closed 2010-03-17

History

#1 Updated by Karsten Dambekalns over 5 years ago

  • Category set to Security
  • Status changed from New to Needs Feedback
  • Assigned To set to Karsten Dambekalns

This works as expected here. If you change the setting, do you get an exception? Or how do you know your setting is not used?

#2 Updated by Georg Ortner over 5 years ago

Yes I do:

#1258991855: You must configure an encryption key for the HashService (More information)

Then I tried to change this in the global config to something unique:

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: 'change this to something *really* unique!'

I still got the exception, that's why I tried this for debugging in FLOW3/Classes/Cryptography/HashService:

public function injectSettings(array $settings) {
    // Debug output: dump the settings array as it arrives at injection time
    echo "<pre>";
    print_r($settings);
    echo "</pre>";
    if (empty($settings['security']['cryptography']['hashService']['encryptionKey'])) {
        throw new \F3\FLOW3\Security\Exception\MissingConfigurationException('You must configure an encryption key for the HashService', 1258991855);
    }
    $this->encryptionKey = $settings['security']['cryptography']['hashService']['encryptionKey'];
}

And so I learned that whatever I write in the global config gets owned by the config of the security package. At least at that point of runtime but I hope the settings are already parsed properly at the time of this injection.

#3 Updated by Karsten Dambekalns over 5 years ago

Could you package your Configuration folder and attach it here? Feel free to blank out usernames/passwords, but if relevant leave permissions intact.

#4 Updated by Georg Ortner over 5 years ago

This is my Configuration directory

#5 Updated by Georg Ortner over 5 years ago

Finally I figured the difference!

This works:

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

But this does produce: "You must configure an encryption key for the HashService"

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'

So was I right at the very beginning that the Configuration isn't fully parsed by the time of executing PdoBackend->Connect?

#6 Updated by Georg Ortner over 5 years ago

Oh, I'm sorry, it's exactly the other way around! The first example produces the error! Sorry, I haven't been sleeping much...

#7 Updated by Karsten Dambekalns over 5 years ago

  • Category changed from Security to Configuration
  • Status changed from Needs Feedback to Resolved
  • Target version set to 1.0 alpha 8
  • % Done changed from 0 to 100

Georg Ortner wrote:

Finally I figured the difference!

No, if you have the top-level key FLOW3 twice, the latter will override the first one:

FLOW3:
  foo: bar
FLOW3:
  baz: quux

will give a "merged" configuration of:

FLOW3:
  baz: quux

What you need to write is:

FLOW3:
  foo: bar
  baz: quux

In your specific case:

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'
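
A lint-style check for the pitfall explained in comment #7, as an added example that is not part of the original issue or of FLOW3's own code: it reads block-style settings with the later-key-wins behaviour described there and reports every repeated key. The names `load_later_wins` and `encryption_key` are hypothetical, and the parser covers only space-indented `key: value` mappings, not full YAML.

```python
import re

# Matches one block-style "key:" or "key: value" line; comments and blanks do not match.
KEY_RE = re.compile(r"^( *)(['\"]?)([^'\"#:\s][^'\":]*?)\2 *:(?: +(.*))?$")

def load_later_wins(text):
    """Return (config, duplicates) for space-indented block mappings only."""
    # duplicates holds (dotted path, earlier line, repeated line); a repeated key
    # replaces the earlier subtree, the behaviour described in comment #7.
    config, duplicates = {}, []
    stack = [(-1, "", config, {})]  # (indent, path, mapping, key -> latest line)
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line.rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(3), m.group(4)
        while stack[-1][0] >= indent:
            stack.pop()  # leave mappings at the same or deeper indentation
        _, parent, mapping, lines = stack[-1]
        path = f"{parent}.{key}" if parent else key
        if key in mapping:
            duplicates.append((path, lines[key], lineno))
        lines[key] = lineno
        if value is None:  # "key:" opens a (possibly empty) nested mapping
            mapping[key] = {}
            stack.append((indent, path, mapping[key], {}))
        else:
            mapping[key] = value.strip("'\"")
    return config, duplicates

def encryption_key(config):
    """Return FLOW3.security.cryptography.hashService.encryptionKey or None."""
    node = config
    for part in ("FLOW3", "security", "cryptography", "hashService", "encryptionKey"):
        node = node.get(part) if isinstance(node, dict) else None
    return node

# The failing layout from comments #5/#6, trimmed to one persistence option.
BROKEN = """\
FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
"""
```

For `BROKEN`, `load_later_wins` reports `FLOW3` as defined on line 1 and again on line 7, and `encryption_key` returns `None` for the resulting configuration, which matches the MissingConfigurationException seen in the thread.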
