You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
JCryptCipherSimple is already deprecated and will be removed with 4.0.
Due to B/C it is still shiped but it's recommended to use one of the more secure alternatives.
We aren't going to place potentially publicly visible notices on people's sites. The deprecation is the best we can do until Joomla 4 (potentially we can shove something in the log files but the reality is that very very few people ever check that file). There are no active use cases of this class in core. So I think we're pretty much doing the best we can at this stage. Our Joomla 4 deprecations branch already has this class (and all use cases removed as well https://github.com/joomla-projects/joomla-pythagoras/tree/feature/deprecations)
joomla-cms/libraries/joomla/crypt/cipher/simple.php
Lines 61 to 100 in ec8a72f
XORing the plaintext with
str_repeat($secretkey)
is worse than encrypting in ECB mode.There is no salvaging this "encryption" code.
rm
it, it's not secure.The text was updated successfully, but these errors were encountered: