projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 838607b) | patch
Remove the additional secret for files
authorAlexander Ebert <ebert@woltlab.com>
Sat, 15 Jun 2024 10:13:47 +0000 (12:13 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Sat, 15 Jun 2024 10:13:47 +0000 (12:13 +0200)
commitfe29214001f83cc3025deaa39b59c4ccdce5d13c
treee261147c1f8dac37dc10a817a6c70b06fac27017tree | snapshot (tar.gz zip)
parent838607b9eba7b07ad523dfb9cb948136a63dac99commit | diff
Remove the additional secret for files

It serves no real purpose. Guessing the SHA-256 hash is impossible due to entropy and if you *know* the hash then you pretty much know the file contents too.

There is no imaginable scenario where leaking the hash would not also leak the secret.
wcfsetup/install/files/acp/database/update_com.woltlab.wcf_6.1.php diff | blob | blame | history
wcfsetup/install/files/lib/data/file/File.class.php diff | blob | blame | history
wcfsetup/install/files/lib/data/file/FileEditor.class.php diff | blob | blame | history
wcfsetup/install/files/lib/system/file/processor/FileProcessor.class.php diff | blob | blame | history
wcfsetup/setup/db/install.sql diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)