Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security)

author: Dylan William Hardison <dylan@mozilla.com> 2015-08-04 08:07:22 +0200
committer: Byron Jones <glob@mozilla.com> 2015-08-04 08:07:22 +0200
commit: 0cc42e2941f2f280b6924f5cd90dd5c144b4e601 (patch)
tree: d3723bbafe8652cbb8e691f8c17e51271359d232 /Bugzilla/Token.pm
parent: 0565d657ea0021c160f9ec0806455e9ea7465dc9 (diff)
download: bugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.gz
bugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.xz
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 7edcd4226..b7227144f 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -49,6 +49,11 @@ use base qw(Exporter);
                               check_token_data delete_token
                               issue_hash_token check_hash_token);
 
+# 128 bits password:
+# 128 * log10(2) / log10(62) = 21.49, round up to 22.
+# 62 = 0-9, a-z, A-Z.
+use constant TOKEN_LENGTH => 22;
+
 ################################################################################
 # Public Functions
 ################################################################################
@@ -307,7 +312,7 @@ sub GenerateUniqueToken {
         if ($tries > 100) {
             ThrowCodeError("token_generation_error");
         }
-        $token = generate_random_password();
+        $token = generate_random_password(TOKEN_LENGTH);
         $sth->execute($token);
         $duplicate = $sth->fetchrow_array;
     }
author	Dylan William Hardison <dylan@mozilla.com>	2015-08-04 08:07:22 +0200
committer	Byron Jones <glob@mozilla.com>	2015-08-04 08:07:22 +0200
commit	0cc42e2941f2f280b6924f5cd90dd5c144b4e601 (patch)
tree	d3723bbafe8652cbb8e691f8c17e51271359d232 /Bugzilla/Token.pm
parent	0565d657ea0021c160f9ec0806455e9ea7465dc9 (diff)
download	bugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.gz bugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.xz