[Phpmyadmin-git] [phpmyadmin/phpmyadmin] b252cb: Use better source of entropy for mcrypt IV
Branch: refs/heads/QA_4_2 Home: https://github.com/phpmyadmin/phpmyadmin Commit: b252cb99812f33f76a27e596fa559a14c5a4b6e6 https://github.com/phpmyadmin/phpmyadmin/commit/b252cb99812f33f76a27e596fa55... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Use better source of entropy for mcrypt IV Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 7cba81de271d62bdf93ded7598709702a96f92d7 https://github.com/phpmyadmin/phpmyadmin/commit/7cba81de271d62bdf93ded759870... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M ChangeLog M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Regenerate cookie encryption IV for every session The IV for cookie encryption was generated just once for every browser and kept in a cookie. Generating it for every session is much better to avoid information leaks (eg. that same user has logged in). Signed-off-by: Michal Čihař <michal@cihar.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/59bb241cf13f...7cba81de271d
participants (1)
-
Michal Čihař