Mirrors/fish-shell
2
0
Fork 0
mirror of https://github.com/fish-shell/fish-shell synced 2025-01-13 05:28:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

webconfig: fixes for token security

Browse source 
* Use 16-byte tokens
 * Use os.urandom (random.getrandbits shouldn't be used for security)
 * Convert to hex correctly
This commit is contained in:
Andy Lutomirski 2014-08-11 17:51:27 -07:00 committed by David Adam
parent aaddccfdb1
commit 9079ec459c
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
share/tools/web_config/webconfig.py
View file

@ -26,7 +26,7 @@ if term:
os.environ['TERM'] = term
import subprocess
import re, socket, cgi, select, time, glob, random, string
import re, socket, cgi, select, time, glob, random, string, binascii
try:
import json
except ImportError:
@ -859,7 +859,7 @@ where = os.path.dirname(sys.argv[0])
os.chdir(where)
# Generate a 16-byte random key as a hexadecimal string
authkey = hex(random.getrandbits(16*4))[2:]
authkey = binascii.b2a_hex(os.urandom(16))
# Try to find a suitable port
PORT = 8000