Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: cd4d54395b13e612d351363b72550a36306ed4fa https://github.com/phpmyadmin/phpmyadmin/commit/cd4d54395b13e612d351363b7255... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Remove another reference to Blowfish Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5f3b69908af021c20e8f5c8520a7b90f58ea67dd https://github.com/phpmyadmin/phpmyadmin/commit/5f3b69908af021c20e8f5c8520a7... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M doc/config.rst Log Message: ----------- Document that we are using AES for encryption Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5e51f178dd57e64e2cdad25b0e7f2f240c5227be https://github.com/phpmyadmin/phpmyadmin/commit/5e51f178dd57e64e2cdad25b0e7f... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Remove some blowfish mentions Signed-off-by: Michal Čihař <michal@cihar.com> Commit: da047efbd14a95ba20973efd829c73df5f9d2650 https://github.com/phpmyadmin/phpmyadmin/commit/da047efbd14a95ba20973efd829c... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Use random per session key for encrypting password This makes it impossible to decrypt cookies later if the key would be compromised. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: e433d8189bb9cf00a17602cf183334bbf8684fc9 https://github.com/phpmyadmin/phpmyadmin/commit/e433d8189bb9cf00a17602cf1833... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Use phpseclib for generating session encryption key Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 51d4d514f988f5d1461e03e6da6fd249b8354742 https://github.com/phpmyadmin/phpmyadmin/commit/51d4d514f988f5d1461e03e6da6f... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M index.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Adjust tests to new encryption Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 234cfbf73f23027617c1c9764c61da9f118532d4 https://github.com/phpmyadmin/phpmyadmin/commit/234cfbf73f23027617c1c9764c61... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M doc/setup.rst M libraries/config.default.php Log Message: ----------- Document AES usage Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 92a10d09683ffc9e3874ad5c1ed8298f73ec620e https://github.com/phpmyadmin/phpmyadmin/commit/92a10d09683ffc9e3874ad5c1ed8... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Factor out cookie storing to separate methods Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 209390c3f213558847bc88b93245f55a5d334016 https://github.com/phpmyadmin/phpmyadmin/commit/209390c3f213558847bc88b93245... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M user_password.php Log Message: ----------- Properly store password in cookie when changing it Use auth plugin method to do that, otherwise it could not work properly with autogenerated blowfish_secret. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: bd4cccc03913111f1d0502ae1366ad00da4be275 https://github.com/phpmyadmin/phpmyadmin/commit/bd4cccc03913111f1d0502ae1366... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M libraries/plugins/AuthenticationPlugin.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/plugins/auth/AuthenticationHttp.class.php M user_password.php Log Message: ----------- Move password change handling to authenticaton plugins We should not care about plugin type while changing password, we should just notify it and the plugin should be responsible for anything needed. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: a7bc3a73a3375e58df0f263bd44c4f4ad6db767b https://github.com/phpmyadmin/phpmyadmin/commit/a7bc3a73a3375e58df0f263bd44c... Author: Michal Čihař <michal@cihar.com> Date: 2014-06-12 (Thu, 12 Jun 2014) Changed paths: M user_password.php Log Message: ----------- Do not pas arround empty $_url_params variable Signed-off-by: Michal Čihař <michal@cihar.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ceb77ce6d4fc...a7bc3a73a337