Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #407 (closed defect: fixed)

Opened 13 years ago

Last modified 12 years ago

[PATCH] TG_visit key not very secure

Reported by: alberto@… Owned by: anonymous
Priority: normal Milestone: 0.9
Component: Identity Version:
Severity: normal Keywords: visist identity key


As Egor Cheshkov pointed out  here, the visit key creation is not very secure as it only hashes the time of the visit. It could even lead to a duplicate keys on the very rare circumstance of two visits being created at the same time (which wouldn't be so rare on a busy, multithreaded, multiprocessor site). The following patch makes it more secure by taking into account the remoteHost:remotePort tuple plus a random() float.


visit.patch Download (1.1 KB) - added by alberto@… 13 years ago.
da' patch

Change History

Changed 13 years ago by alberto@…

da' patch

comment:1 Changed 13 years ago by kevin

  • Status changed from new to closed
  • Resolution set to fixed

committed in [534]. Thanks!

Note: See TracTickets for help on using tickets.