mirror of
https://github.com/meteor/meteor.git
synced 2026-05-02 03:01:46 -04:00
83af2e2179
Have `OAuthEncryption.open` throw "decryption unsuccessful" on any
error to avoid allowing an attacker to break the encryption key by
observing the result of sending manipulated ciphertexts.
Add oauth-encryption and the oauthSecretKey config options to the docs
page.
Update history.
More documentation on functions.
Use `OAuth.sealSecret(...)` instead of `{seal: ...}`.
Rename OAuth._openSecret(s) to OAuth.openSecret(s).
In the readme describing how to generate a key, just use Node instead
of going through the hassle of creating a Meteor application.
Have the `oauth` package weakly depend on `oauth-encryption` for when
it's being used without accounts.
Add tips on using oauth-encryption without accounts to the readme.
10 lines
231 B
HTML
10 lines
231 B
HTML
<template name="pkg_oauth_encryption">
|
|
{{#markdown}}
|
|
## `oauth-encryption`
|
|
|
|
Encrypts sensitive account credential information stored in the
|
|
database. See packages/oauth-encryption/README.md for details.
|
|
|
|
{{/markdown}}
|
|
</template>
|