diff options
| author | Dylan William Hardison <dylan@hardison.net> | 2015-07-28 22:21:26 +0200 |
|---|---|---|
| committer | Dylan William Hardison <dylan@hardison.net> | 2015-07-28 22:22:46 +0200 |
| commit | d373bb13a51a74ef77cf800fdc77a30ab9ac9d17 (patch) | |
| tree | 9ae31b14571bd333aebe2c89da85717f69af954e /Bugzilla/Token.pm | |
| parent | 19a2ebacc37a7b3990e5bfd0288a1f7d332a665f (diff) | |
| download | bugzilla-d373bb13a51a74ef77cf800fdc77a30ab9ac9d17.tar.gz bugzilla-d373bb13a51a74ef77cf800fdc77a30ab9ac9d17.tar.xz | |
Bug 1179856 - Increase length of logincookie value for greater security
r=gerv,a=sgreen
Diffstat (limited to 'Bugzilla/Token.pm')
| -rw-r--r-- | Bugzilla/Token.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 1f8e7bc17..67a201b53 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -29,6 +29,11 @@ use parent qw(Exporter); check_token_data delete_token issue_hash_token check_hash_token); +# 128 bits password: +# 128 * log10(2) / log10(62) = 21.49, round up to 22. +# 62 = 0-9, a-z, A-Z. +use constant TOKEN_LENGTH => 22; + ################################################################################ # Public Functions ################################################################################ @@ -289,7 +294,7 @@ sub GenerateUniqueToken { if ($tries > 100) { ThrowCodeError("token_generation_error"); } - $token = generate_random_password(); + $token = generate_random_password(TOKEN_LENGTH); $sth->execute($token); $duplicate = $sth->fetchrow_array; } |