[Tickets #12041] Re: Authentication does not work any longer
noreply at bugs.horde.org
noreply at bugs.horde.org
Sun Feb 17 20:20:04 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12041
------------------------------------------------------------------------------
Ticket | 12041
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Authentication does not work any longer
Queue | Horde Base
Version | 5.0.4
Type | Bug
-State | Feedback
+State | Resolved
Priority | 1. Low
Milestone |
Patch |
-Owners |
+Owners | Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2013-02-17 13:20) wrote:
Horde_Core 2.2.1
I see no need to support session IDs longer than 32 bytes at this
time. MD5 vs. other hashing methods shouldn't matter since we don't
care about the cryptographical properties of these hashing algorithms
- all we are doing is generating random token strings. So there is no
practical benefit of a longer session ID because a token is either
obtained in full or not.
Additionally, there are some assumptions built in to Horde code that
count on 32 byte (or less) session IDs. No need to do a full audit at
this time just to allow an increase in size.
More information about the bugs
mailing list