Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

W-17156076 Using NativePRNG in place of SHA1PRNG #580

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

W-17156076 Using NativePRNG in place of SHA1PRNG #580

wants to merge 1 commit into from

Conversation

sf-sunnymittal
Copy link

@sf-sunnymittal sf-sunnymittal commented Dec 6, 2024
edited
Loading

Issue
As mentioned in https://gus.lightning.force.com/lightning/r/ADM_Work__c/a07EE0000252OC9YAM/view, we need to remove the SHA1PRNG algorithm as this is not safe to use.

Fix
Made changes to mark the SHA1PRNG as deprecated. We will remove this as part of a major release.

Changes Done

  1. Updated the SHA1PRNG option to SHA1PRNG_Deprecated
  2. Updated all test cases to use NativePRNG

@sf-sunnymittal sf-sunnymittal requested review from a team as code owners December 6, 2024 07:43
sabecasissf
sabecasissf reviewed Dec 11, 2024
View reviewed changes
Copy link

@sabecasissf sabecasissf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought I had already added this comment, but it seems not. Since we are going to be maintaining customers with SHA1PRNG for a while, even when it is deprecated, shouldn't we leave some tests with SHA1PRNG value?

@sf-sunnymittal
Copy link
Author

sf-sunnymittal commented Dec 11, 2024
edited
Loading

I thought I had already added this comment, but it seems not. Since we are going to be maintaining customers with SHA1PRNG for a while, even when it is deprecated, shouldn't we leave some tests with SHA1PRNG value?

Earlier all the tests were running with SHA1PRNG even though we have 4 options for PRNG algorithm. Not sure if it is ok to just test out the things with 1 Algorithm or we should have test cases for each implementation.

@sabecasissf
Copy link

I thought I had already added this comment, but it seems not. Since we are going to be maintaining customers with SHA1PRNG for a while, even when it is deprecated, shouldn't we leave some tests with SHA1PRNG value?

Earlier all the tests were running with SHA1PRNG even though we have 4 options for PRNG algorithm. Not sure if it is ok to just test out the things with 1 Algorithm or we should have test cases for each implementation.

I was just thinking, maybe not, if we can identify a different code path in the connector for any of those algorithms, then yes, but otherwise, I think we are good and you can disregard my question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sabecasissf sabecasissf sabecasissf left review comments

@arpitg-1 arpitg-1 arpitg-1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sf-sunnymittal @sabecasissf @arpitg-1