Branch: refs/heads/QA_4_2
Home:
https://github.com/phpmyadmin/phpmyadmin
Commit: b252cb99812f33f76a27e596fa559a14c5a4b6e6
https://github.com/phpmyadmin/phpmyadmin/commit/b252cb99812f33f76a27e596fa5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Use better source of entropy for mcrypt IV
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 7cba81de271d62bdf93ded7598709702a96f92d7
https://github.com/phpmyadmin/phpmyadmin/commit/7cba81de271d62bdf93ded75987…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths:
M ChangeLog
M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Regenerate cookie encryption IV for every session
The IV for cookie encryption was generated just once for every browser
and kept in a cookie. Generating it for every session is much better to
avoid information leaks (eg. that same user has logged in).
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Compare:
https://github.com/phpmyadmin/phpmyadmin/compare/59bb241cf13f...7cba81de271d