Bug #6266

Config of security/cryptography/hashService/encryptionKey

Added by Georg Ortner over 11 years ago. Updated about 11 years ago.

Status: Resolved
Priority: Should have
Category: Configuration
Start date: 2010-01-28
% Done: 100%

Description

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: 'change this to something *really* unique!'

If someone changes this in the global configuration it's going to be overwritten by Packages/Framework/FLOW3/Configuration/Settings.yaml with an empty string.

    cryptography:
      hashService:
        # A key used for various tasks, must be unique for a setup!
        encryptionKey:

I think this is not how it's supposed to be? Or am I wrong?


Files

Configuration.tar (3.13 KB) Georg Ortner, 2010-02-05 13:17

Related issues

Has duplicate TYPO3.Flow - Bug #6894: F3\FLOW3\Security\Exception\MissingConfigurationException thrown in file HashService.php (Closed, Karsten Dambekalns, 2010-03-17)

#1

Updated by Karsten Dambekalns over 11 years ago

  • Category set to Security
  • Status changed from New to Needs Feedback
  • Assignee set to Karsten Dambekalns

This works as expected here. If you change the setting, do you get an exception? Or how do you know your setting is not used?

#2

Updated by Georg Ortner over 11 years ago

Yes I do:

#1258991855: You must configure an encryption key for the HashService (More information)

Then I tried to change this in the global config to something unique:

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: 'change this to something *really* unique!'

I still got the exception, that's why I tried this for debugging in FLOW3/Classes/Cryptography/HashService:

public function injectSettings(array $settings) {
    echo "<pre>";
    print_r($settings);
    echo "</pre>";
    if (empty($settings['security']['cryptography']['hashService']['encryptionKey'])) {
        throw new \F3\FLOW3\Security\Exception\MissingConfigurationException('You must configure an encryption key for the HashService', 1258991855);
    }
    $this->encryptionKey = $settings['security']['cryptography']['hashService']['encryptionKey'];
}

And so I learned that whatever I write in the global config gets owned by the config of the security package. At least at that point of runtime but I hope the settings are already parsed properly at the time of this injection.

#3

Updated by Karsten Dambekalns over 11 years ago

Could you package your Configuration folder and attach it here? Feel free to blank out usernames/passwords, but if relevant leave permissions intact.

#4

Updated by Georg Ortner over 11 years ago

This is my Configuration directory

#5

Updated by Georg Ortner over 11 years ago

Finally I figured the difference!

This works:

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

But this does produce: "You must configure an encryption key for the HashService"

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'

So was I right at the very beginning that the Configuration isn't fully parsed by the time of executing PdoBackend->Connect?

#6

Updated by Georg Ortner over 11 years ago

Oh, I'm sorry, it's exactly the other way around! The first example produces the error! Sorry, I haven't been sleeping much...

#7

Updated by Karsten Dambekalns over 11 years ago

  • Category changed from Security to Configuration
  • Status changed from Needs Feedback to Resolved
  • Target version set to 1.0 alpha 8
  • % Done changed from 0 to 100

Georg Ortner wrote:

Finally I figured the difference!

No, if you have the top-level key FLOW3 twice, the latter will override the first one:

FLOW3:
  foo: bar
FLOW3:
  baz: quux

will give a "merged" configuration of:

FLOW3:
  baz: quux

What you need to write is:

FLOW3:
  foo: bar
  baz: quux

In your specific case:

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
      username: flow3user
      password: somepassword

  security:
    cryptography:
      hashService:
        encryptionKey: '92364926498249824209'
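
An added example, not part of the original thread and not FLOW3 code: a standard-library Python check that flags a key repeated within one mapping of a block-style settings file and lists the values the earlier copy loses under the last-definition-wins behaviour described in comment #7. The function name and the sample key are hypothetical, and only space-indented "key: value" mappings are handled.

```python
# Added example, not FLOW3 code. Handles only space-indented block mappings
# ("key:" / "key: value"); flow style, lists and quoted keys are not parsed.

def find_shadowed_settings(text):
    """Map each repeated key path to (first_line, repeat_line, discarded_leaf_paths)."""
    stack = []    # (indent, key) for every mapping currently open
    seen = {}     # dotted path -> (line number, True if the key has a scalar value)
    report = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith(("#", "- ")) or ":" not in body:
            continue
        key, _, value = body.partition(":")
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave mappings that have ended
        path = ".".join([k for _, k in stack] + [key.strip()])
        if path in seen:
            # Last definition wins: everything under the earlier copy is lost.
            children = [p for p in seen if p.startswith(path + ".")]
            lost = [p for p in children if seen[p][1]]
            report[path] = (seen[path][0], lineno, lost)
            for p in children:
                del seen[p]
        seen[path] = (lineno, bool(value.strip()))
        stack.append((indent, key.strip()))
    return report


# Constructed sample, modelled on the failing Settings.yaml from the ticket.
BROKEN = """\
FLOW3:
  security:
    cryptography:
      hashService:
        encryptionKey: 'constructed-sample-key'

FLOW3:
  persistence:
    backendOptions:
      dataSourceName: 'mysql:dbname=flow3'
"""

FIXED = BROKEN.replace("\nFLOW3:\n  persistence", "\n  persistence")

if __name__ == "__main__":
    for path, (first, repeat, lost) in find_shadowed_settings(BROKEN).items():
        print(f"{path!r} defined at line {first} and again at line {repeat}; discarded: {lost}")
```

Run against a settings file before deployment, a non-empty result means a secret such as the encryption key may be silently dropped even though it appears in the file.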
