[Phpmyadmin-git] [phpmyadmin/phpmyadmin] b252cb: Use better source of entropy for mcrypt IV

Michal Čihař michal at cihar.com
Thu Jun 12 09:43:51 CEST 2014


  Branch: refs/heads/QA_4_2
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: b252cb99812f33f76a27e596fa559a14c5a4b6e6
      https://github.com/phpmyadmin/phpmyadmin/commit/b252cb99812f33f76a27e596fa559a14c5a4b6e6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2014-06-12 (Thu, 12 Jun 2014)

  Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php

  Log Message:
  -----------
  Use better source of entropy for mcrypt IV

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7cba81de271d62bdf93ded7598709702a96f92d7
      https://github.com/phpmyadmin/phpmyadmin/commit/7cba81de271d62bdf93ded7598709702a96f92d7
  Author: Michal Čihař <michal at cihar.com>
  Date:   2014-06-12 (Thu, 12 Jun 2014)

  Changed paths:
    M ChangeLog
    M libraries/plugins/auth/AuthenticationCookie.class.php

  Log Message:
  -----------
  Regenerate cookie encryption IV for every session

The IV for cookie encryption was generated just once for every browser
and kept in a cookie. Generating it for every session is much better to
avoid information leaks (e.g. that the same user has logged in).

Signed-off-by: Michal Čihař <michal at cihar.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/59bb241cf13f...7cba81de271d
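
The leak named in the second log message, shown as an added example that is not code from these commits or from phpMyAdmin: with a fixed key, CBC encryption under a reused IV is deterministic, so the same user name always yields the same cookie value. AES-128-CBC from ext-openssl stands in for mcrypt here, and the key, user names and helper functions are constructed for illustration.

```php
<?php
// Added illustration, not phpMyAdmin code. Key, user names and helper
// names are constructed. AES-128-CBC from ext-openssl stands in for mcrypt.
const CIPHER = 'aes-128-cbc';

function new_iv(): string
{
    // CSPRNG-backed IV of the size the cipher expects.
    return random_bytes(openssl_cipher_iv_length(CIPHER));
}

function encrypt_cookie(string $value, string $key, string $iv): string
{
    $ct = openssl_encrypt($value, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($ct);
}

function decrypt_cookie(string $hex, string $key, string $iv): string
{
    $pt = openssl_decrypt(hex2bin($hex), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$key = random_bytes(16); // constructed server-side secret

// One IV per browser, reused across logins: equal plaintext gives an equal
// cookie, so an observer can tell that the same user logged in again.
$browserIv = new_iv();
$a1 = encrypt_cookie('alice', $key, $browserIv);
$a2 = encrypt_cookie('alice', $key, $browserIv);
$b1 = encrypt_cookie('bob', $key, $browserIv);
printf("reused IV, same user twice: %s\n", $a1 === $a2 ? 'identical' : 'different');
printf("reused IV, other user:      %s\n", $a1 === $b1 ? 'identical' : 'different');

// Fresh IV per session: the same user name encrypts differently each time,
// and still decrypts correctly with the IV that belongs to that session.
$iv1 = new_iv();
$iv2 = new_iv();
$s1 = encrypt_cookie('alice', $key, $iv1);
$s2 = encrypt_cookie('alice', $key, $iv2);
printf("fresh IV, same user twice:  %s\n", $s1 === $s2 ? 'identical' : 'different');
printf("round trip with session IV: %s\n", decrypt_cookie($s2, $key, $iv2));
```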

