View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000511 | Composr | [All Projects] General / Uncategorised | public | 2012-05-27 12:59 | 2012-05-27 12:59 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Severity | Minor-bug | ||||
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0000511: Reduce chance of brute force attacks against session generation | ||||
| Description | Sessions are generated using mt_rand, seeded via a combination of uniqid and microtime. Some juggling is done, but the only dominant factor is microtime. That means in theory the number of guesses to guess a session are reduced. It is still a huge number, and IP address restriction is in place, but it is better we lay on additional defences here. So, use openssl_random_pseudo_bytes if it is available. | ||||
| Tags | No tags attached. | ||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
Fixed in git commit 4064eae (https://github.com/chrisgraham/Composr/commit/4064eae) A hotfix (a TAR of files to upload) have been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. hotfix-511, 2012-05-27 1pm.tar (153,600 bytes) |
|
|
Automated response: openssl_random_pseudo_bytes slow on windows Have to not run openssl_random_pseudo_bytes on Windows unfortunately - define special case. |
|
|
Fixed in git commit 9dd7eb3 (https://github.com/chrisgraham/Composr/commit/9dd7eb3) A hotfix (a TAR of files to upload) have been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. Always take backups of files you are replacing, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. hotfix-511, 2012-05-27 3pm.tar (71,680 bytes) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-02-26 18:29 | Chris Graham | Category | General => General / Uncategorised |
