
Ticket #407 (closed defect: fixed)

Opened 13 years ago

Last modified 12 years ago

[PATCH] TG_visit key not very secure

Reported by: alberto@…
Owned by: anonymous
Priority: normal
Milestone: 0.9
Component: Identity
Version:
Severity: normal
Keywords: visist identity key
Cc:

Description

As Egor Cheshkov pointed out here, the visit key creation is not very secure as it only hashes the time of the visit. It could even lead to duplicate keys in the very rare circumstance of two visits being created at the same time (which wouldn't be so rare on a busy, multithreaded, multiprocessor site). The following patch makes it more secure by taking into account the remoteHost:remotePort tuple plus a random() float.

Attachments

visit.patch Download (1.1 KB) - added by alberto@… 13 years ago.
da' patch

Change History

Changed 13 years ago by alberto@…

da' patch

comment:1 Changed 13 years ago by kevin

  • Status changed from new to closed
  • Resolution set to fixed

committed in [534]. Thanks!
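The weakness described in this ticket, as an added example (not code from the ticket, the attached patch, or TurboGears): a time-only key collides for simultaneous visits and falls inside a small, enumerable set, while the shape of the fix described above and a CSPRNG-based alternative do not. SHA-1, the millisecond clock resolution, all function names and the sample addresses are assumptions made for the illustration.

```python
import hashlib
import random
import secrets

def key_time_only(now_ms):
    """Weak scheme per the ticket: hash of the visit time alone (SHA-1 assumed)."""
    return hashlib.sha1(str(now_ms).encode()).hexdigest()

def key_patched(now_ms, remote_host, remote_port):
    """Shape of the fix described in the ticket: time + remoteHost:remotePort + random()."""
    material = "%s%s:%s%s" % (now_ms, remote_host, remote_port, random.random())
    return hashlib.sha1(material.encode()).hexdigest()

def key_csprng():
    """Alternative not in the ticket: 160 bits from the OS CSPRNG.
    random.random() is a Mersenne Twister, which is not designed for secrets."""
    return secrets.token_hex(20)

def count_duplicates(keys):
    return len(keys) - len(set(keys))

def keyspace_for_window(start_ms, end_ms):
    """Every key a time-only scheme can issue in [start_ms, end_ms)."""
    return {key_time_only(ms) for ms in range(start_ms, end_ms)}

def demo():
    now_ms = 1136073600123  # constructed timestamp, in milliseconds
    # Two visits created in the same clock tick by different clients (constructed).
    clients = [("192.0.2.10", 40001), ("192.0.2.11", 40002)]
    weak = [key_time_only(now_ms) for _ in clients]
    patched = [key_patched(now_ms, host, port) for host, port in clients]
    strong = [key_csprng() for _ in clients]
    # One second of wall-clock time yields only 1000 possible time-only keys.
    window = keyspace_for_window(1136073600000, 1136073601000)
    return {
        "weak_dupes": count_duplicates(weak),
        "patched_dupes": count_duplicates(patched),
        "strong_dupes": count_duplicates(strong),
        "weak_key_in_window": weak[0] in window,
        "window_size": len(window),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
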
