svn commit: r1814362 - /ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java

Author: jleroux
Date: Sun Nov  5 17:27:01 2017
New Revision: 1814362

URL: http://svn.apache.org/viewvc?rev=1814362&view=rev
Log:
Documented: Secure the login.secret_key_string
(OFBIZ-9966)

No functional change, this completes the previous commit

Modified:
    ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java

Modified: ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java?rev=1814362&r1=1814361&r2=1814362&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/ofbiz-framework/trunk/applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java Sun Nov  5 17:27:01 2017
@@ -72,6 +72,7 @@ public class LoginEvents {
     // OOTB the loginSecretKeyString is not properly initialised and can not be OOTB.
     // The best way to create the loginSecretKeyString is to use a temporary way to load in a static final key when compiling.
     // This is simple and most secure. One of the proposed way is to use sed and uuidgen to modify the loginSecretKeyString value
+    // This: sed -i /loginSecretKeyString/s//$(uuidgen)/\2 applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/LoginEvents.java
     // The magic words here are TEMPORARY and FINAL!
     private static final String loginSecretKeyString = "loginSecretKeyString";