Visit tracking is insecure


Egor Cheshkov

Jan 12, 2006, 6:32:46 PM
to TurboGears
Hello!

Since the visit tracking hash is based only on the current timestamp, it can be easily guessed. We should use something more random to generate the visit cookie hash, for example:

visit_key = sha.new(" ".join([str(time.time()), str(random.random()), cherrypy.request.remoteAddr])).hexdigest()

Egor.
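
The weakness described in the post above, as an added example that is not part of the original message or of TurboGears: a key hashed from the timestamp alone can be reproduced by walking a short time window, while a key drawn from the OS CSPRNG cannot. The function names, the SHA-1-of-timestamp key shape, and the sample timestamps are assumptions; the hardened version uses Python 3's `secrets` module instead of the `random.random()` call in the post.

```python
import hashlib
import secrets


def weak_visit_key(ts: float) -> str:
    # Assumed shape of a timestamp-only key. "%.2f" mimics Python 2's
    # str(time.time()), which kept 12 significant digits (two decimals).
    return hashlib.sha1(("%.2f" % ts).encode()).hexdigest()


def timestamp_derivable(key: str, around: float, window_s: int = 60):
    """Predictability check for a key generator under review.

    Returns the timestamp that reproduces `key` if one exists within
    +/- window_s seconds of `around`, otherwise None. At two decimals
    there are only 100 candidate keys per second of uncertainty.
    """
    start = int(round((around - window_s) * 100))
    end = int(round((around + window_s) * 100))
    for centis in range(start, end + 1):
        ts = centis / 100.0
        if weak_visit_key(ts) == key:
            return ts
    return None


def strong_visit_key() -> str:
    # 160 bits from the operating system CSPRNG: nothing about the
    # request time or client address is needed to make it unique.
    return secrets.token_hex(20)


if __name__ == "__main__":
    issued_at = 1137090766.12   # constructed sample timestamp
    observed_at = 1137090790.0  # constructed: checker's rough idea of the time
    print("weak key reproduced from:",
          timestamp_derivable(weak_visit_key(issued_at), observed_at))
    print("strong key reproduced from:",
          timestamp_derivable(strong_visit_key(), observed_at))
```
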