You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As far as I understand, they are doing this to hide an internal API which wasn't meant to be used outside of Play. Do you think this affects akka-http-session in some way?
(btw.: this is already pluggable, as you can provide a different session encoder quite easily)
As alluded to in the warning, these methods are not generally “safe” – there are some common modes of operation that are not secure using these methods.
I'm not an expert, but I know enough to see this implementation is unsecure by default, e.g.:
This is an invitation for discussion about the Crypto implementation ported from Play Framework and its future.
Here's the issue that led to deprecation of the Crypto API from Play
and here is migration guide in Play 2.5.
I don't know much about cryptography, so unfortunately I can't say anything more useful.
The text was updated successfully, but these errors were encountered: