Migrating from Legacy DefaultSecureHashCodeGeneratorStrategy to MD5SecureHashCodeGeneratorStrategy
Learn how to migrate from a version earlier than 10.2007
What you'll learn
- Learn how to migrate DefaultSecureHashCodeGeneratorStrategy
Since the existing DefaultSecureHashCodeGeneratorStrategy used for securing blob transformation was considered vulnerable to possible DoS attacks, a new default MD5SecureHashCodeGeneratorStrategy was introduced with version 10.2007. It includes a server-side secret which can be configured via cae.hashing.secret.
Customers migrating from a version prior to 10.2007 should be aware that the new MD5SecureHashCodeGeneratorStrategy won't match hashes created by the former DefaultSecureHashCodeGeneratorStrategy. Already cached URLs would therefore cause an HTTP 403 (Forbidden) status code.
To address this issue, CoreMedia provides a smooth migration path by using a strategy which will accept hashes created by both the DefaultSecureHashCodeGeneratorStrategy and the MD5SecureHashCodeGeneratorStrategy.
New hashes will be created using the new MD5SecureHashCodeGeneratorStrategy.
The migration mode may be enabled by setting cae.hashing.migration-mode=true. It will be available for the following Agile Maintenance Packs and all later versions.
- 2007.3
- 2010.3
- 2101.2
- 2104.1
Customers migrating to a prior AMP may have a look at the Blueprint of one of the above AMPs.
The migration strategy can be found in the cae-base-lib:
com.coremedia.blueprint.cae.util.DefaultToMd5MigrationSecureHashCodeGeneratorStrategy
See the change in GitHub.
The wiring is done in:
com.coremedia.blueprint.cae.config.BlueprintHandlersCaeBaseLibConfiguration
See the change in GitHub.
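The accept-both behaviour described above, as an added sketch that is not CoreMedia's code: new hashes are always generated with the keyed strategy, while verification also accepts legacy hashes when the migration flag is on. The HashStrategy interface, the class name, the two hash constructions and the sample values are assumptions made for illustration; the real implementations are in the Blueprint classes named above.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HashMigrationSketch {
  // Hypothetical stand-in for a hash strategy; not CoreMedia's interface.
  interface HashStrategy {
    String generate(String params);
    default boolean matches(String params, String presented) {
      // Compare the expected and the presented hash in constant time.
      return MessageDigest.isEqual(generate(params).getBytes(StandardCharsets.UTF_8),
          presented.getBytes(StandardCharsets.UTF_8));
    }
  }

  static String md5Hex(String input) {
    try {
      byte[] d = MessageDigest.getInstance("MD5").digest(input.getBytes(StandardCharsets.UTF_8));
      return String.format("%032x", new BigInteger(1, d));
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(e);
    }
  }

  public static void main(String[] args) {
    String secret = "constructed-secret";  // plays the role of cae.hashing.secret
    boolean migrationMode = true;          // plays the role of cae.hashing.migration-mode
    HashStrategy legacy = p -> md5Hex(p);               // assumption: unkeyed legacy hash
    HashStrategy keyed = p -> md5Hex(secret + "|" + p); // assumption: hash bound to the secret
    // Migration strategy: generate with the keyed strategy, accept either on verification.
    HashStrategy migrating = new HashStrategy() {
      @Override public String generate(String p) { return keyed.generate(p); }
      @Override public boolean matches(String p, String presented) {
        return keyed.matches(p, presented) || (migrationMode && legacy.matches(p, presented));
      }
    };

    String params = "width=200;height=100";       // constructed transformation parameters
    String cached = legacy.generate(params);      // hash embedded in an already cached URL
    String fresh = migrating.generate(params);    // hash in a newly rendered URL
    System.out.println("migration mode, cached legacy hash: " + migrating.matches(params, cached));
    System.out.println("migration mode, fresh keyed hash:   " + migrating.matches(params, fresh));
    System.out.println("keyed strategy only, legacy hash:   " + keyed.matches(params, cached));
  }
}
```

In this sketch, legacy hashes keep validating for as long as the migration flag is on; the last line shows the mismatch that a cached URL would hit with the keyed strategy alone.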