rzontar closed 9 years ago
Thanks. Did you test that with scenarios that use symmetric keys?
I can't remember why we did it that way and wonder if that has any side effects.
This PR only addresses the X509CertificateReference signing key. Currently, the symmetric keys are not affected. For consistency it could be checked there also.
I believe the risk is higher with certificates, since they are stored only as a reference. Although unlikely, they could be removed from the store, thereby compromising the token infrastructure. To achieve the same effect with symmetric keys, someone would have to gain access to the database and set the value to null.
thanks!
PR for #247