Author: jleroux
Date: Tue Feb 20 11:59:07 2018
New Revision: 1824855
URL:
http://svn.apache.org/viewvc?rev=1824855&view=revLog:
Reverted: Secure the login.secret_key_string
(OFBIZ-9966)
I forgot to revert this part; I guess got conflict issues and then forgot.
I'll also revert in R16 and R17 and close as won't fix, I gave my arguments
that's enough for me.
Modified:
ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties
Modified: ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties?rev=1824855&r1=1824854&r2=1824855&view=diff==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties (original)
+++ ofbiz/ofbiz-framework/trunk/framework/security/config/security.properties Tue Feb 20 11:59:07 2018
@@ -132,6 +132,9 @@ default.error.response.view=view:viewBlo
# -- If false, then no externalLoginKey parameters will be added to cross-webapp urls
security.login.externalLoginKey.enabled=true
+# -- Security key used to encrypt and decrypt the autogenerated password in forgot password functionality.
+login.secret_key_string=Secret Key
+
### To have this working, an example of the change needed on the source server is available in OFBIZ-10206-external-server-test-example.patch
# -- If true, then it's possible to connect to another webapp on another server w/o signing in
# -- This needs to be changed on both the source server and the target server
Locked
