don't use encryption key directly in FileWriter
encryption key must not be used directly, but rather call GeneralUtility::hmac().
[TASK] Use GU::hmac() instead of encryption key in FileWriter
There is a potential attack to get hold of a secret encryption key
if such key is hashed with a single hash function and a small additional
string. So if you want to include the encryption key in an hash, you need
to ALWAYS use GeneralUtility::hmac() and not any different hash function.
Additionally, don't mention AdditionalConfiguration as place for config
manipulation, as it is considered a hack from core point of view
(see comment #52705).
Reviewed-by: Alexander Stehlik <firstname.lastname@example.org>
Reviewed-by: Helmut Hummel <email@example.com>
Reviewed-by: Christian Kuhn <firstname.lastname@example.org>
Tested-by: Christian Kuhn <email@example.com>
Tested-by: Helmut Hummel <firstname.lastname@example.org>