github-mirror/fish-shell
2
0
Fork 0
mirror of https://github.com/fish-shell/fish-shell.git synced 2025-02-18 07:12:46 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

webconfig: fixes for token security

Browse Source 
* Use 16-byte tokens
 * Use os.urandom (random.getrandbits shouldn't be used for security)
 * Convert to hex correctly
This commit is contained in:
Andy Lutomirski 2014-08-11 17:51:27 -07:00 committed by David Adam
parent 78e2b7cc08
commit 3e2d68a059
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
share/tools/web_config/webconfig.py
View File

@ -17,7 +17,7 @@ else:
from urllib.parse import parse_qs
import webbrowser
import subprocess
import re, socket, os, sys, cgi, select, time, glob, random, string
import re, socket, os, sys, cgi, select, time, glob, random, string, binascii
try:
import json
except ImportError:
@ -654,7 +654,7 @@ where = os.path.dirname(sys.argv[0])
os.chdir(where)
# Generate a 16-byte random key as a hexadecimal string
authkey = hex(random.getrandbits(16*4))[2:]
authkey = binascii.b2a_hex(os.urandom(16))
# Try to find a suitable port
PORT = 8000