author | Dylan William Hardison <dylan@mozilla.com> | 2015-08-04 08:07:22 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-08-04 08:07:22 +0200 |
commit | 0cc42e2941f2f280b6924f5cd90dd5c144b4e601 (patch) | |
tree | d3723bbafe8652cbb8e691f8c17e51271359d232 /Bugzilla | |
parent | 0565d657ea0021c160f9ec0806455e9ea7465dc9 (diff) | |
Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security)
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Token.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 7edcd4226..b7227144f 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -49,6 +49,11 @@ use base qw(Exporter); check_token_data delete_token issue_hash_token check_hash_token); +# 128 bits password: +# 128 * log10(2) / log10(62) = 21.49, round up to 22. +# 62 = 0-9, a-z, A-Z. +use constant TOKEN_LENGTH => 22; + ################################################################################ # Public Functions ################################################################################ @@ -307,7 +312,7 @@ sub GenerateUniqueToken { if ($tries > 100) { ThrowCodeError("token_generation_error"); } - $token = generate_random_password(); + $token = generate_random_password(TOKEN_LENGTH); $sth->execute($token); $duplicate = $sth->fetchrow_array; } |
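Review bot: The comment above `TOKEN_LENGTH` calls the value a "128 bits password", but the constant sizes tokens, and the arithmetic only holds if `generate_random_password()` picks every character uniformly from the 62-symbol alphabet using a cryptographically strong source. That helper is not part of this diff, so the assumption should be written down where the number is defined. I would reword the first comment line to `# Token length giving at least 128 bits of entropy, assuming generate_random_password()` followed by `# draws each character uniformly from a CSPRNG over 62 symbols:`. Rounding up to 22 characters yields roughly 131 bits under that assumption, which the comment could state so the margin is explicit.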
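Review bot: The longer value from `generate_random_password(TOKEN_LENGTH)` goes straight into `$sth->execute($token)` for the duplicate check, and nothing in this diff shows that the column behind that query is at least 22 characters wide. If any table that GenerateUniqueToken serves still has a narrower column, the stored value would be truncated or rejected depending on the database's mode, and a truncated token would carry less entropy than the constant promises. GenerateUniqueToken starts and ends outside this hunk, so the statement prepared into `$sth` is not visible here. A comment above the call such as `# TOKEN_LENGTH must not exceed the width of the column named by the caller` would record the dependency, and the schema should be checked before this is deployed.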