Migrating from Legacy DefaultSecureHashCodeGeneratorStrategy to MD5SecureHashCodeGeneratorStrategy
Learn how to migrate from a version earlier than 10.2007
What you'll learn
- Learn how to migrate DefaultSecureHashCodeGeneratorStrategy
Because the existing DefaultSecureHashCodeGeneratorStrategy used for securing blob transformations was considered vulnerable to possible DoS attacks, a new default, MD5SecureHashCodeGeneratorStrategy, was introduced with version 10.2007. It includes a server-side secret, which can be configured via cae.hashing.secret.
Customers migrating from a version prior to 10.2007 should be aware that the new MD5SecureHashCodeGeneratorStrategy won't match hashes created by the former DefaultSecureHashCodeGeneratorStrategy. Already cached URLs would therefore cause an HTTP 403 (Forbidden) status code.
To address this issue, CoreMedia provides a smooth migration path by using a strategy which accepts hashes created by both the DefaultSecureHashCodeGeneratorStrategy and the MD5SecureHashCodeGeneratorStrategy.
New hashes will be created using the new MD5SecureHashCodeGeneratorStrategy.
The migration mode may be enabled by setting cae.hashing.migration-mode=true. It will be available for the following Agile Maintenance Packs and all later versions.
- 2007.3
- 2010.3
- 2101.2
- 2104.1
Customers migrating to a prior AMP may have a look at the Blueprint of one of the above AMPs.
The migration strategy can be found in the cae-base-lib:
com.coremedia.blueprint.cae.util.DefaultToMd5MigrationSecureHashCodeGeneratorStrategy
See the change in GitHub.
The wiring is done in:
com.coremedia.blueprint.cae.config.BlueprintHandlersCaeBaseLibConfiguration
See the change in GitHub.
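The accept-both, issue-new behaviour described above, as an added sketch that is not the Blueprint's DefaultToMd5MigrationSecureHashCodeGeneratorStrategy or any CoreMedia code. The HashStrategy interface, both hash functions, the secret and the sample parameters are hypothetical stand-ins chosen only to show why a cached URL fails under the new strategy alone and passes in migration mode.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

// Added illustration: hypothetical names and stand-in hash functions, not CoreMedia's classes.
public class MigrationHashDemo {
  interface HashStrategy {
    String generate(Map<String, String> params);
    default boolean matches(Map<String, String> params, String presented) {
      // Constant-time comparison of the expected and the presented hash
      return MessageDigest.isEqual(generate(params).getBytes(StandardCharsets.UTF_8),
          presented.getBytes(StandardCharsets.UTF_8));
    }
  }
  // Stand-in for the legacy strategy: no secret involved.
  static final HashStrategy LEGACY =
      p -> Integer.toHexString(new TreeMap<String, String>(p).toString().hashCode());

  // Stand-in for the new strategy: MD5 over a server-side secret plus the sorted parameters.
  static HashStrategy keyedMd5(String secret) {
    return p -> {
      try {
        byte[] digest = MessageDigest.getInstance("MD5").digest(
            (secret + new TreeMap<String, String>(p)).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
      } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(e);
      }
    };
  }
  // Migration mode: issue only new hashes, accept a hash that matches either strategy.
  static HashStrategy migrating(HashStrategy current, HashStrategy legacy) {
    return new HashStrategy() {
      public String generate(Map<String, String> p) { return current.generate(p); }
      public boolean matches(Map<String, String> p, String presented) {
        return current.matches(p, presented) || legacy.matches(p, presented);
      }
    };
  }
  public static void main(String[] args) {
    Map<String, String> params = Map.of("width", "400", "height", "300"); // constructed sample
    HashStrategy md5 = keyedMd5("constructed-secret"), mig = migrating(md5, LEGACY);
    String cached = LEGACY.generate(params); // hash embedded in an already cached URL
    System.out.println("new strategy alone accepts cached hash: " + md5.matches(params, cached));
    System.out.println("migration mode accepts cached hash: " + mig.matches(params, cached));
    System.out.println("migration mode issues new-style hash: " + mig.generate(params).equals(md5.generate(params)));
  }
}
```

In this sketch the legacy branch keeps accepting old-style hashes for as long as the migrating strategy is wired in.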