Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: cd4d54395b13e612d351363b72550a36306ed4fa https://github.com/phpmyadmin/phpmyadmin/commit/cd4d54395b13e612d351363b7255... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Remove another reference to Blowfish
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5f3b69908af021c20e8f5c8520a7b90f58ea67dd https://github.com/phpmyadmin/phpmyadmin/commit/5f3b69908af021c20e8f5c8520a7... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M doc/config.rst
Log Message: ----------- Document that we are using AES for encryption
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5e51f178dd57e64e2cdad25b0e7f2f240c5227be https://github.com/phpmyadmin/phpmyadmin/commit/5e51f178dd57e64e2cdad25b0e7f... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Remove some blowfish mentions
Signed-off-by: Michal Čihař michal@cihar.com
Commit: da047efbd14a95ba20973efd829c73df5f9d2650 https://github.com/phpmyadmin/phpmyadmin/commit/da047efbd14a95ba20973efd829c... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Use random per session key for encrypting password
This makes it impossible to decrypt cookies later if the key would be compromised.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e433d8189bb9cf00a17602cf183334bbf8684fc9 https://github.com/phpmyadmin/phpmyadmin/commit/e433d8189bb9cf00a17602cf1833... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Use phpseclib for generating session encryption key
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 51d4d514f988f5d1461e03e6da6fd249b8354742 https://github.com/phpmyadmin/phpmyadmin/commit/51d4d514f988f5d1461e03e6da6f... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M index.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php
Log Message: ----------- Adjust tests to new encryption
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 234cfbf73f23027617c1c9764c61da9f118532d4 https://github.com/phpmyadmin/phpmyadmin/commit/234cfbf73f23027617c1c9764c61... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M doc/setup.rst M libraries/config.default.php
Log Message: ----------- Document AES usage
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 92a10d09683ffc9e3874ad5c1ed8298f73ec620e https://github.com/phpmyadmin/phpmyadmin/commit/92a10d09683ffc9e3874ad5c1ed8... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Factor out cookie storing to separate methods
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 209390c3f213558847bc88b93245f55a5d334016 https://github.com/phpmyadmin/phpmyadmin/commit/209390c3f213558847bc88b93245... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M user_password.php
Log Message: ----------- Properly store password in cookie when changing it
Use auth plugin method to do that, otherwise it could not work properly with autogenerated blowfish_secret.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bd4cccc03913111f1d0502ae1366ad00da4be275 https://github.com/phpmyadmin/phpmyadmin/commit/bd4cccc03913111f1d0502ae1366... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M libraries/plugins/AuthenticationPlugin.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/plugins/auth/AuthenticationHttp.class.php M user_password.php
Log Message: ----------- Move password change handling to authenticaton plugins
We should not care about plugin type while changing password, we should just notify it and the plugin should be responsible for anything needed.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a7bc3a73a3375e58df0f263bd44c4f4ad6db767b https://github.com/phpmyadmin/phpmyadmin/commit/a7bc3a73a3375e58df0f263bd44c... Author: Michal Čihař michal@cihar.com Date: 2014-06-12 (Thu, 12 Jun 2014)
Changed paths: M user_password.php
Log Message: ----------- Do not pas arround empty $_url_params variable
Signed-off-by: Michal Čihař michal@cihar.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ceb77ce6d4fc...a7bc3a73a337
-
Michal Čihař