Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make authentication timing-safe | nashe | 2015-08-04 | 1 | -1/+2 |
| | | | | | | | Improve the authentication to make it timing-safe against bruteforce attacks. See code comments for more details on the implementation. | ||||
* | Improve coding style | nashe | 2015-08-03 | 1 | -7/+5 |
| | |||||
* | Avoid type juggling vulnerability. | nashe | 2015-08-03 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | Password comparison should not be done with the `==` operator, but `===`, due to type juggling. References: * http://phpsadness.com/sad/47 * turbochaos.blogspot.fr/2013/08/exploiting-exotic-bugs-php-type-juggling. html ### Test case * Create an administrator with the password "240610708". * Try to login to the dashboard with the password "QNKCDZO" :-) | ||||
* | convert all files saved in Windows(CRLF) to Unix (LF) | Pascal Chevrel | 2012-03-09 | 1 | -2/+2 |
| | |||||
* | Use a centralized template for the admin section to avoid repeating html | Pascal Chevrel | 2012-03-06 | 1 | -5/+0 |
| | |||||
* | Initial commit | Maurice Svay | 2010-02-16 | 3 | -0/+17 |