Kumar McMillan
Kumar McMillan
Thanks for filing. This is similar to https://github.com/mozilla/addons-code-manager/issues/967 but different.
I'm glad we're finally moving this off of M2Crypto! Here are some responses just for historical context: > Porting m2secret ... to `pyca/cryptography` kinda revealed that our currently used system...
> This issue is still reproducing @AlexandraMoga Could elaborate on the steps you took to reproduce it? I don't see an overlay so I'm confused. Did you click the star?...
oof, I can reproduce on Windows too.
We require key files by design. If you store your key as a string (in settings or elsewhere) then your attacker only has to compromise your source code. If you...
@edmorley btw, I pushed the undocumented bewit support to PyPI so you can use it more easily. http://mohawk.readthedocs.org/en/latest/#changelog
Thanks again for implementing bewit! I documented the low level interface https://mohawk.readthedocs.io/en/latest/usage.html#generating-protected-urls I still think the interface is a bit awkward so I'll leave this issue open. Here are ideas...