Principal and other attributes need some flexibility with Serialization #430

Open
exabrial opened this issue Jun 4, 2021 · 0 comments · May be fixed by #431

exabrial commented Jun 4, 2021

I'm going to post a PR for this but here's the short story. Redis counts as "data at rest" in a lot of organizations and must be encrypted. We are using a SessionAttributesTranscoder that encrypts the byte[] with AES-GCM, but to our surprise, the passwords were stored in plaintext in Redis.

My proposal is to have a serialization strategy for the Principal and request attributes.

This would also allow people to write custom serializers to fix #427

exabrial changed the title from "Principal is not serialized with SessionAttributesTranscoder" to "Principal and other attributes need some flexibility with Serialization" on Jun 7, 2021
exabrial added a commit to exabrial/memcached-session-manager that referenced this issue Jun 7, 2021
…with Serialization. Allow for custom serializers
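
An added illustration of the gap reported in this issue, not code from memcached-session-manager or from the issue author: a principal serialized outside the encrypting transcoder leaves its password readable in the stored bytes, while the same bytes passed through an AES-GCM wrapper do not. `DemoPrincipal`, the helper names, the sample password and the in-memory key are hypothetical, and the use of plain Java serialization for the principal is an assumption.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PrincipalAtRestDemo {
    // Hypothetical stand-in for a container principal that carries a password.
    static class DemoPrincipal implements Serializable {
        final String name, password;
        DemoPrincipal(String n, String p) { name = n; password = p; }
    }

    // Assumption: the principal is written with plain Java serialization.
    static byte[] javaSerialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // AES-GCM with a fresh 12-byte nonce per value, stored in front of the ciphertext.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Reads the nonce back from the first 12 bytes; throws if the tag does not verify.
    static byte[] open(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    // Byte-wise search for an ASCII needle (ISO-8859-1 maps each byte to one char).
    static boolean contains(byte[] hay, String needle) {
        return new String(hay, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // demo key only; a real key comes from a key store
        String pw = "constructed-pw-123"; // constructed sample value
        byte[] raw = javaSerialize(new DemoPrincipal("alice", pw));
        byte[] sealed = seal(key, raw);
        System.out.println("raw bytes contain password:    " + contains(raw, pw));
        System.out.println("sealed bytes contain password: " + contains(sealed, pw));
        System.out.println("round trip intact:             " + Arrays.equals(raw, open(key, sealed)));
    }
}
```

The `contains` check is the kind of assertion worth keeping in an integration test against the real store: read the raw value back and confirm that no known credential string appears in it.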