Page MenuHomePhabricator

Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"
ClosedPublic

Authored by epriestley on Jan 3 2019, 1:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 16, 1:28 PM
Unknown Object (File)
Fri, Dec 13, 12:38 AM
Unknown Object (File)
Thu, Dec 5, 9:55 PM
Unknown Object (File)
Thu, Nov 28, 4:42 PM
Unknown Object (File)
Thu, Nov 28, 4:42 PM
Unknown Object (File)
Thu, Nov 28, 4:28 PM
Unknown Object (File)
Mon, Nov 25, 11:19 PM
Unknown Object (File)
Sun, Nov 24, 12:05 AM
Subscribers
None

Details

Summary

Ref T12509.

  • Upgrade an old SHA1 to SHA256.
  • Replace an old manually configurable HMAC key with an automatically generated one.

This is generally both simpler (less configuration) and more secure (you now get a unique value automatically).

This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog.

If you leaked a bunch of addresses, you could force a change here by mucking around with phabricator_auth.auth_hmackey, but AFAIK no one has ever used this value to react to any sort of security issue.

(I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.)

Test Plan

Grepped for removed config. I'll vet this pathway more heavily in upcoming changes.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable