# fw1
r
Hello! Hope someone can lend a hand. I implemented security features based on https://github.com/ddspringle/framework-one-secure-auth by Denard Springle. All worked great until our CF JDK was upgraded from jdk-11.0.15 to jdk-15.0.1. Now we get an error: "The BLOWFISH/CTR/PKCS5Padding algorithm is not supported by the Security Provider you have chosen." Any advice on how to fix it would be greatly appreciated.
// master
case 'master':
    // using master encryption, encrypt with the master key
    onePass = encrypt( arguments.value, variables.masterKey, 'AES/CBC/PKCS5Padding', 'HEX' );
    lastPass = encrypt( onePass, variables.masterKey, 'BLOWFISH/CTR/PKCS5Padding', 'HEX' );
break;
s
You don't say which CF version you're using but JDK 15 is not a supported version for any released version of CF as far as I know. Pretty sure only JDK 11 is officially supported.
(and since JDK 15 isn't even an LTS version, I would strongly advise not using it in production -- if you're upgrading from JDK 11, I'd look to JDK 17 but, again, that's not a supported JDK for any version of ACF yet)
r
We're on CF2018 - and thank you very much! I'll ask to have it rolled back to 11
s
It's also possible your IT folks had configured security for your JDK 11 setup/added crypto JARs -- but then forgot to do identical setup on JDK 15?
r
Thanks, that's a good thought. I have to find where it is documented that 11 is the supported version just to show the powers that be. Thanks again! PS - I just convinced my boss to let me roll out a small app with FW/1 with a goal to slowly roll our legacy code in. Making good progress and like it a lot so far. Not sure of the best way to incorporate our DAOs and Gateways. I'm simply adding them as an object right now in the service component, but it feels wrong.
s
"DAOs and Gateways" are overrated. I recommend not splitting them apart, TBH. I wrote a long article about it for Fusion Authority years ago but I don't know if it's still around anywhere.
https://corfield.org/articles/beans_etc.pdf -- it's missing the graphics but hopefully should make sense just as pure text.
d
I expanded the idea of DAO to DAL (data access layer), and that way it becomes transparent whether you're hitting a db or a webservice or a file, and you can be as specific or general as you like with how you call the provider (i.e. dal.get('users') from Facebook or dal.get('users') from db: it's the same call, abstracted).
r
Sean, thanks, I stumbled on that article several weeks back; it's a good and informative read. dawesi, great idea! Thank you both!