[Pkg-owncloud-commits] [owncloud] 42/75: make remember login token also dependent on password to protect against some brute force attacks on this token
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:08:37 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v3.0.1
in repository owncloud.
commit b216ba71200b4e0593e6afde1a060daf465e7856
Author: Robin Appelman <icewind1991 at gmail.com>
Date: Wed Dec 14 13:26:34 2011 +0100
make remember login token also dependent on password to protect against some brute force attacks on this token
---
index.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 4e1f5bc..6805e3a 100644
--- a/index.php
+++ b/index.php
@@ -88,7 +88,7 @@ else {
if(defined("DEBUG") && DEBUG) {
error_log("Setting remember login to cookie");
}
- $token = md5($_POST["user"].time());
+ $token = md5($_POST["user"].time().$_POST['password']);
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
}
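Review bot: On the added line `$token = md5($_POST["user"].time().$_POST['password']);`, the token is still a deterministic MD5 of the username, a second-resolution timestamp and the password, so it now doubles as a fast, unsalted hash of the password that is both stored through `OC_Preferences::setValue` and sent to the browser by `OC_User::setMagicInCookie`. Anyone who obtains the cookie or the stored preference value can test password guesses offline against it. I would leave the password out of the input and make the token independent of any user data by generating it from a cryptographically secure random source. Storing only a hash of that random token on the server side would also keep a leaked preferences table from yielding usable cookies.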
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git