You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have started working with Flask in the last month and I noticed that there could be an improvement on secret key managment for sessions; specifically I am taking as reference OWASP Top 10 Cryptographic Failures on the point where it talks about the importance of proper key managment (that isn't flask responsibility) and rotation.
I saw that there is a closed issue on that topic, however that was from 10 years ago, a lot of time passed so I thought it would be a nice thing pointing that out; I understand that this implies session invalidating when the secret key changes, but I think that this could be a choice left to developers based on security requirements of the specific system, therefore adding more flexibility.
If I am wrong in any way or it isn't feasible I hope that someone can provide me a good explanation about why.
The text was updated successfully, but these errors were encountered:
Hi everyone,
I have started working with Flask in the last month and I noticed that there could be an improvement on secret key managment for sessions; specifically I am taking as reference OWASP Top 10 Cryptographic Failures on the point where it talks about the importance of proper key managment (that isn't flask responsibility) and rotation.
I saw that there is a closed issue on that topic, however that was from 10 years ago, a lot of time passed so I thought it would be a nice thing pointing that out; I understand that this implies session invalidating when the secret key changes, but I think that this could be a choice left to developers based on security requirements of the specific system, therefore adding more flexibility.
If I am wrong in any way or it isn't feasible I hope that someone can provide me a good explanation about why.
The text was updated successfully, but these errors were encountered: