Closed gubi closed 10 years ago
Currently, System encrypts asinchronous data with blowfish key stored in config.conf file. This is not secure because if an user know this key, it may view other-users password. An improvement a self signed keypair for System is needed.
Fixed as https://github.com/gubi/AIRS/commit/07da5db562a93b3235c3e64988a6f756047209ea
Currently, System encrypts asinchronous data with blowfish key stored in config.conf file. This is not secure because if an user know this key, it may view other-users password. An improvement a self signed keypair for System is needed.