Currently sp-oidc-sinatra uses the hardcoded demo key in all environments, including when deployed in EC2. This is a low-impact vulnerability today since it could only be used to forge login requests to sandbox environments.
However, if we ever want to run the sample apps in production, we should ensure that they do not use example keys. Ideally we would remove the demo keys and have this app not ship with any demo keys at all, which would remove the potential for making this error.
Referenced code: identity-oidc-sinatra/app.rb, line 147 at commit b16cea7
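As an added example (not the project's own code), a small Ruby key loader showing the fail-closed behaviour the issue asks for: the private key comes from configuration, a bundled demo key is only accepted in development, and startup aborts otherwise. The module name, the `SP_PRIVATE_KEY` variable and the demo-key handling are assumptions, not the repository's API.

```ruby
require 'openssl'

# Hypothetical loader for the service provider's private signing key.
# It never silently falls back to a shipped demo key outside development.
module SpKeyLoader
  class ConfigError < StandardError; end

  # env:      Sinatra/Rack environment name, e.g. 'development' or 'production'
  # key_pem:  PEM text of the configured private key (from SP_PRIVATE_KEY)
  # demo_pem: PEM text of the bundled demo key, or nil if none ships
  # Returns an OpenSSL::PKey::RSA, or raises ConfigError.
  def self.load(env:, key_pem: ENV['SP_PRIVATE_KEY'], demo_pem: nil)
    if key_pem && !key_pem.empty?
      key = parse(key_pem)
      raise ConfigError, 'configured key is not a private key' unless key.private?
      # Refuse the demo key even if an operator pasted it into the real setting.
      if demo_pem && env != 'development' && same_key?(key, parse(demo_pem))
        raise ConfigError, "refusing to run #{env} with the bundled demo key"
      end
      return key
    end

    # No key configured: only development may use the demo key.
    if env == 'development' && demo_pem
      warn 'SP_PRIVATE_KEY not set; using demo key (development only)'
      return parse(demo_pem)
    end
    raise ConfigError, "SP_PRIVATE_KEY is not set for environment #{env}"
  end

  def self.parse(pem)
    OpenSSL::PKey::RSA.new(pem)
  rescue OpenSSL::PKey::RSAError => e
    raise ConfigError, "invalid private key: #{e.message}"
  end

  # Compare by public component so equivalent PEM encodings still match.
  def self.same_key?(a, b)
    a.public_key.to_der == b.public_key.to_der
  end
end
```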