summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@mozilla.com>2015-08-04 08:07:22 +0200
committerByron Jones <glob@mozilla.com>2015-08-04 08:07:22 +0200
commit0cc42e2941f2f280b6924f5cd90dd5c144b4e601 (patch)
treed3723bbafe8652cbb8e691f8c17e51271359d232 /Bugzilla
parent0565d657ea0021c160f9ec0806455e9ea7465dc9 (diff)
downloadbugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.gz
bugzilla-0cc42e2941f2f280b6924f5cd90dd5c144b4e601.tar.xz
Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Token.pm7
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 7edcd4226..b7227144f 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -49,6 +49,11 @@ use base qw(Exporter);
check_token_data delete_token
issue_hash_token check_hash_token);
+# 128 bits password:
+# 128 * log10(2) / log10(62) = 21.49, round up to 22.
+# 62 = 0-9, a-z, A-Z.
+use constant TOKEN_LENGTH => 22;
+
################################################################################
# Public Functions
################################################################################
@@ -307,7 +312,7 @@ sub GenerateUniqueToken {
if ($tries > 100) {
ThrowCodeError("token_generation_error");
}
- $token = generate_random_password();
+ $token = generate_random_password(TOKEN_LENGTH);
$sth->execute($token);
$duplicate = $sth->fetchrow_array;
}