Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session secret key in auth0Auth.js lacks complexity and is exposed in source #35

Open
jdmedlock opened this issue May 28, 2017 · 0 comments
Open

Session secret key in auth0Auth.js lacks complexity and is exposed in source #35

jdmedlock opened this issue May 28, 2017 · 0 comments
Labels
type: bug

Comments

@jdmedlock
Copy link
Collaborator

Issue Description & Expected Outcome:
The session secret key defined in auth0Auth.js is not complex enough and is exposed in source code. Anyone can view this in GitHub. This key should be at least 16 characters in length and contain a variety of special characters, numbers, and letters. This key should not be exposed in open source code.

Symptoms:
N/a

Steps to Recreate:
N/a

Resolution:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jdmedlock