vmassol
1
Hi devs,
Blaming xwiki-platform/xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java at master · xwiki/xwiki-platform · GitHub is deprecated and it’s recommended to use: RandomStringUtils.secure().next() or secureStrong() or insecure().
It would be good to define a best practice for this and add it to the security dev practices.
WDYT?
Thanks
surli
2
Not sure we need a specific best practice for this: if it’s deprecated and there’s a documented solution, sure we should use it as for any API.
vmassol
3
That’s the point, we need to pick what we want to use as a replacement. As I mentioned there are 3 options.
We should definitely not use the forced secureStrong() or insecure() 99% of the time.
vmassol
5
OK, so the best practice is to use secure(). Thx