Completely remove support for fixed IVs and throw a ConfigurationException if encountered. #679
Comments
|
Closed as per PR #680. This will first appear in the ESAPI 2.3.0.0 release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In early 2.0 and 2.1 versions of ESAPI, fixed IVs were supported, but that turned out to be really bad idea. Thus, way back in release 2.2.0.0, this feature was deprecated and if it was used, a prominent warning (which probably everyone ignored) was displayed if you used it (that is, if you had the ESAPI property 'Encryptor.ChooseIVMethod' set to 'fixed'.) Unfortunately, knowing human nature, those who were using it probably just ignored the warning message.
Consequently, it is now time to completely disable it and change ESAPI from just displaying a warning to instead throwing a
ConfigurationException.This issue should actually remove the old code that implemented this.
The text was updated successfully, but these errors were encountered: