- Issue created by @alexpott
- Status changed to Needs review
about 1 year ago 5:36pm 13 December 2023 - π¬π§United Kingdom alexpott πͺπΊπ
Pushed an MR that implements the functionality. We need to decide how to set the secret.
- π«π·France andypost
Probably it could help to serialize better renderables too, lots of callbacks in core pointing to services or static methods (not really callables) and can't use closures
- π§πͺBelgium borisson_ Mechelen, π§πͺ
Probably it could help to serialize better renderables too, lots of callbacks in core pointing to services or static methods (not really callables) and can't use closures
I agree, it can probably help there as well, but we can leave that to a followup.
// Configure Serializable Closure signing for security. // @todo Use hash salt and private key - but it is not always available // here.
This is the comment in the code about setting the secret, I don't understand why the hash salt is not available there.
Can we use it when it exists and fall back to not serializing when it is not available? - π¬π§United Kingdom alexpott πͺπΊπ
@borisson_ example of when we don't have a hash salt:
- in the very early installer
- in unit tests.
Also I wonder if we should be using the private key here too which would mean a database query.
- Status changed to Needs work
12 months ago 2:13pm 10 January 2024 - πΊπΈUnited States smustgrave
Revisiting this, reading the comments seems like using private key is our only option right?