[presentations] 02/03: Add gbrowse security example.
Chris Lamb
chris at chris-lamb.co.uk
Fri Aug 11 16:29:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository presentations.
commit 18992e0a36315f1b72077e3855a5702515495dce
Author: Chris Lamb <lamby at debian.org>
Date: Fri Aug 11 12:26:35 2017 -0400
Add gbrowse security example.
---
2017-08-11-DebConf17/index.html | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/2017-08-11-DebConf17/index.html b/2017-08-11-DebConf17/index.html
index 62ba01e..404fcce 100644
--- a/2017-08-11-DebConf17/index.html
+++ b/2017-08-11-DebConf17/index.html
@@ -93,6 +93,31 @@
</ul>
</section>
+ <section>
+ <h3>Predictable OpenID secret</h3>
+
+<pre class="fragment"><code># Build.PL
+$build->config_data(OpenIDConsumerSecret=>int(1e15*rand()));
+</code></pre>
+
+<pre class="fragment"><code># /usr/share/perl5/GBrowse/ConfigData.pm
+{
+ 'OpenIDConsumerSecret' => '639098210478536',
+ 'cgibin' => '/usr/lib/cgi-bin/gbrowse',
+ 'conf' => '/etc/gbrowse',
+ [..]
+},
+</code></pre>
+
+ <ul>
+ <li class="fragment">Every installation of shares the same secret.</li>
+ </ul>
+
+ <p class="fragment">
+ <a href="https://bugs.debian.org/833885">#833885 (gbrowse)</a>
+ </p>
+ </section>
+
<!-- ----------------------------------------------------------------- -->
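Review bot: The bullet `<li class="fragment">Every installation of shares the same secret.</li>` is missing its noun after "of". Name the package (the bug link on the same slide says gbrowse) so the sentence reads correctly. The slide would also land better if it said why the secret is shared: the Build.PL line runs when the package is built, and the second block shows the result as a literal in a file under /usr/share/perl5, so every machine installing that build gets the same value. A second bullet could note that `int(1e15*rand())` is not a cryptographic source even when run per installation. Minor: the `->` and `=>` in the first `<code>` block contain raw `>` characters, and writing them as `&gt;` keeps the markup valid.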
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git
More information about the Reproducible-commits mailing list