Store lease key names in hashed format

Created on 29 March 2023, about 1 year ago

Problem/Motivation

Currently we store the $storage_key of a lease in plain text.

This raises two concerns if someone is able to gain access to the backend lease storage:

  • The key name may reveal the relevance of the secret, making it easier to target.
  • Using the plaintext key name, one can call VaultClient::retrieveLease() to obtain the current lease data.

While obscuring the key name and refusing access by hash ID will not fully prevent a persistent attacker from obtaining the lease data (for example by obtaining the storage data and, in the case of encrypted storage, the decryption keys as well), it will make doing so casually harder.

Steps to reproduce

Review code

Proposed resolution

Obscure the key name with a one-way salted hash prior to storing it.
For any public method that can return lease-related data (such as retrieveLease() and, at the time of this writing, getLeaseId()), do not accept a hashed lease ID.

It will remain acceptable for methods that do not return lease data (such as revokeLease() or renewLease()) to accept a hashed ID. The justification is that methods that do not reveal lease data do not pose a direct risk of disclosure, and some methods (especially during renewAllLeases()) will need to work with only hashed IDs, as they will not have the plaintext version.
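As an added sketch of the scheme proposed above (not the Vault module's own code), the following PHP shows the 'hashed::' prefix, the salted one-way hash, and the split between methods that refuse hashed IDs and methods that accept them. Only retrieveLease() and revokeLease() are names from this issue; the class, the salt handling and the in-memory storage array are assumptions.

```php
<?php
// Added illustration of the scheme proposed in the issue, not the Vault module's
// own code. Only retrieveLease() and revokeLease() are names from the issue; the
// class, the salt handling and the in-memory $storage array are assumptions.

final class HashedLeaseStore
{
    public const PREFIX = 'hashed::';
    private array $storage = [];      // hashed key name => lease data

    public function __construct(private string $salt) {}

    public static function isHashed(string $key): bool
    {
        return str_starts_with($key, self::PREFIX);
    }

    // One-way salted hash of the plaintext key; an already hashed ID passes through.
    public function hashKey(string $storageKey): string
    {
        if (self::isHashed($storageKey)) {
            return $storageKey;
        }
        return self::PREFIX . hash_hmac('sha256', $storageKey, $this->salt);
    }

    public function storeLease(string $storageKey, array $lease): void
    {
        $this->storage[$this->hashKey($storageKey)] = $lease;
    }

    // Returns lease data, so a hashed ID (e.g. one read out of storage) is refused.
    public function retrieveLease(string $storageKey): ?array
    {
        if (self::isHashed($storageKey)) {
            throw new \InvalidArgumentException('Hashed lease IDs are not accepted.');
        }
        return $this->storage[$this->hashKey($storageKey)] ?? null;
    }

    // Returns no lease data, so plaintext and hashed IDs are both accepted.
    public function revokeLease(string $key): bool
    {
        $hashed = $this->hashKey($key);
        $existed = isset($this->storage[$hashed]);
        unset($this->storage[$hashed]);
        return $existed;
    }
}
```

The hashing only helps if the salt is kept outside the lease storage itself; an attacker holding both the storage and the salt can recompute the hash of any key name they can guess.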

Remaining tasks

Patch

User interface changes

None

API changes

retrieveLease() (and getLeaseId() if it remains public) will prohibit access to keys starting with 'hashed::'.

Data model changes

Data will be stored with a hashed key name, including 'hashed::' as a prefix.

📌 Task
Status

Fixed

Version

2.0

Component

Code

Created by

🇺🇸 United States cmlara
