Don't save configuration data with encryption result [#2391165]

Passing configuration data in the $options array allows it to be used within the encryption method function (see Make configuration available in the encryption callback function), but a side effect is that all of the configuration data gets included in the encryption result, which isn't harmful, but it's not necessary. The configuration data should be removed from the $options array before the encryption results are returned.

Comment	File	Size	Author
#1	encrypt-remove-config-2391165-0.patch	647 bytes	rlhawk
#1

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

rlhawk

English

Seattle, Washington, United States

CreditAttribution: rlhawk commented 11 December 2014 at 07:57

Status:

Active

» Needs review

File	Size
encrypt-remove-config-2391165-0.patch	647 bytes

And here's the patch.

Comment #2

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 11 December 2014 at 14:19

I think this is a bit risky. In my brief time using the module our settings have changed. It was still possible to decrypt information because the options for decrypting were saved with the data.

Do you know of any drawback to this practice aside from storing potentially duplicate information? One idea would be to denormalize it so that there is an encryption profile stored in a table that is never deleted. Then encrypted data can refer to that profile. However, I think that given the nature of the module (that it doesn't know anything about storage of the output data) this is not really possible.

I think its up to consumers of the api to decide if they want to store that data or discard it before they store the data.

Comment #3

rlhawk

English

Seattle, Washington, United States

CreditAttribution: rlhawk commented 11 December 2014 at 17:08

Thanks for the feedback, Greg. I should have been more clear. I agree 100% that information needed to decrypt data should be stored with the data. This patch is solely to correct an unwanted side-effect of a commit from a week or so ago. All of the important data from the configuration (method, method settings, provider, and provider settings) continues to be stored, along with options. Storing all of the configuration data in the options is duplicative for the above four items and useless for the others (last modified date of the configuration, for instance).

Here's an example:

Without storing configuration details:

Array
(
    [text] => 5ekj+TWhURB/MYOkZM9Zb1oYot1bX3qmT4O072eckZ1sHBJ2DCqFKBXFp7kxy7k2Ho/nJL4mgAoUkTGMrPZZag==
    [method] => mcrypt_rij_256
    [key_provider] => file
    [options] => Array
        (
        )
    [method_settings] =>
    [provider_settings] => Array
        (
            [path] => ../private/keys
            [method] => file_contents
        )
)

With storing configuration details:

Array
(
    [text] => Muh61Z7A3yqblJjIavTx9qQ9uUX4X/16FBtCcXqUQ8ZiasYZxH2biualT/syuN4N0CmNxDYidkG95hR4CFktMg==
    [method] => mcrypt_rij_256
    [key_provider] => file
    [options] => Array
        (
            [config] => Array
                (
                    [name] => default
                    [label] => Default
                    [description] => The default configuration.
                    [method] => mcrypt_rij_256
                    [method_settings] =>
                    [provider] => file
                    [provider_settings] => Array
                        (
                            [path] => ../private/keys
                            [method] => file_contents
                        )
                    [enabled] => 1
                    [created] => 1418235942
                    [changed] => 1418315171
                )
        )
    [method_settings] =>
    [provider_settings] => Array
        (
            [path] => ../private/keys
            [method] => file_contents
        )
)

Comment #4

rlhawk

English

Seattle, Washington, United States

CreditAttribution: rlhawk commented 11 December 2014 at 17:10

It would be preferable to pass the configuration to the plugin's encryption function in a separate $config argument, rather than in $options, but I was reluctant to add a new argument. Looking at it again, though, it would almost certainly not be an issue.

For instance, the call to the encryption function, currently looks like this:
$processed = call_user_func($function, $op, $text, $key, $options);

With the addition of $config, it would look like this:
$processed = call_user_func($function, $op, $text, $key, $options, $config);

If someone has created a new method plugin that has a callback function that doesn't receive $config, it will be ignored. But method plugins that do need it can take advantage of it. This would be cleaner, I think, than shoehorning $config into $options. I'd appreciate any thoughts on the subject.