Support both major versions of fernet

neilmiddleton / attr_secure

MIT License

11 stars 1 forks source link

Support both major versions of fernet #15

Closed dmathieu closed 8 years ago

dmathieu commented 10 years ago

This aims to support both major versions of fernet.

To use 1.6, the app will have to specify that version in it's Gemfile, or the latest version will be used by default.
To use 2.0, just specify attr_secure.

dmathieu commented 10 years ago

cc @neilmiddleton @cyberdelia

hgmnz commented 10 years ago

nice

neilmiddleton commented 10 years ago

Can you add some info to the README on using Fernet 1.6 with this? Also, possibly some information on the 1.6 to 2.0 upgrade path

dmathieu commented 10 years ago

I just added information about the fernet version. In #8, a year ago, we took a different process, where 1.6 was considered deprecated but we provided a way to keep using it with old_decrypt and old_encrypt.

Unfortunately, that means we needed to embed the whole Fernet 1.6 under a different name. I'm not sure that's a very good idea anymore.

neilmiddleton commented 10 years ago

hrm. If I start using Fernet 2.0 on an app that's been using 1.6, is that bad? Will the decrypt's work?

dmathieu commented 10 years ago

No it won't. The encryption and decryption methods have changed.

neilmiddleton commented 10 years ago

Ok. That needs to be super clear in the readme

neilmiddleton commented 10 years ago

Was thinking about this. 1.6 needs to be the default for now. We can't push a new version of this and then have un-pinned users (if there are any) encrypting/decrypting badly. Moving to 2.0 needs to be explicit.

dmathieu commented 8 years ago

Closing as stale.