[Phpmyadmin-git] [phpmyadmin/phpmyadmin] b252cb: Use better source of entropy for mcrypt IV

12 Jun 2014


      Branch: refs/heads/QA_4_2
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: b252cb99812f33f76a27e596fa559a14c5a4b6e6
      https://github.com/phpmyadmin/phpmyadmin/commit/b252cb99812f33f76a27e596fa55...
  Author: Michal Čihař michal@cihar.com
  Date:   2014-06-12 (Thu, 12 Jun 2014)
Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
  -----------
  Use better source of entropy for mcrypt IV
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7cba81de271d62bdf93ded7598709702a96f92d7
      https://github.com/phpmyadmin/phpmyadmin/commit/7cba81de271d62bdf93ded759870...
  Author: Michal Čihař michal@cihar.com
  Date:   2014-06-12 (Thu, 12 Jun 2014)
Changed paths:
    M ChangeLog
    M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
  -----------
  Regenerate cookie encryption IV for every session
The IV for cookie encryption was generated just once for every browser
and kept in a cookie. Generating it for every session is much better to
avoid information leaks (eg. that same user has logged in).
Signed-off-by: Michal Čihař michal@cihar.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/59bb241cf13f...7cba81de271d

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[Phpmyadmin-git] [phpmyadmin/phpmyadmin] b252cb: Use better source of entropy for mcrypt IV