Visit tracking is insecure
0 visualizzazioni
Passa al primo messaggio da leggere
Egor Cheshkov
12 gen 2006, 18:32:4612/01/06
a TurboGears
Hello!
Since visit tracking hash is based only on current timestamp, it can be easyly guessed. We should use something more random to generate visit cookie hash, for example:
visit_key= sha.new(" ".join(str(time.time ()), str(random.random()), cherrypy.request.remoteAddr)).hexdigest()
Egor.
Since visit tracking hash is based only on current timestamp, it can be easyly guessed. We should use something more random to generate visit cookie hash, for example:
visit_key= sha.new(" ".join(str(time.time ()), str(random.random()), cherrypy.request.remoteAddr)).hexdigest()
Egor.
Rispondi a tutti
Rispondi all'autore
Inoltra
0 nuovi messaggi