diff options
author | Buchan Milne <buchan@mageia.org> | 2010-11-03 09:17:19 +0000 |
---|---|---|
committer | Buchan Milne <buchan@mageia.org> | 2010-11-03 09:17:19 +0000 |
commit | 3dbf3dc41d0534e552118eed3d3b3ecfb72f6032 (patch) | |
tree | dde56c59d9ae516a7cf27408831b5c7b84db537d /t/controller_admin.t | |
parent | 1b9ef58ce697235ef6e6ac4e71f15603e949155f (diff) | |
download | identity-3dbf3dc41d0534e552118eed3d3b3ecfb72f6032.tar identity-3dbf3dc41d0534e552118eed3d3b3ecfb72f6032.tar.gz identity-3dbf3dc41d0534e552118eed3d3b3ecfb72f6032.tar.bz2 identity-3dbf3dc41d0534e552118eed3d3b3ecfb72f6032.tar.xz identity-3dbf3dc41d0534e552118eed3d3b3ecfb72f6032.zip |
Use a generated UUID stored in a cookie, instead of the session key, as a portion
of the encryption key we use to encrypt the password for storage in the session.
It should now be more or less impossible for an attacker to get the password, as
they need access to the browser and the server.
Diffstat (limited to 't/controller_admin.t')
0 files changed, 0 insertions, 0 deletions