Commit 595c7c28 authored by Jean Michel Rouly's avatar Jean Michel Rouly

Removed constant salt for usernames.

parent 83087b21
......@@ -52,6 +52,3 @@ ldap_domain = "ldaps://directory.gmu.edu:636"
# min_url_len: This is the minimum required length of
# a "short url" or url identifier.
min_url_len = 5
# hash_salt: This is the private salt used to salt cookie hashing.
hash_salt = "salty"
......@@ -39,7 +39,15 @@ def user_logged_in( environ ):
# Log in a user by placing a cookie on their machine and entering
# the related hash in a SQL database.
def generate_cookie( user ):
hashed_value = hashlib.sha512( user + goconfig.hash_salt ).hexdigest()
# generate a random 32-character salt
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
chars=[]
for i in range(32):
chars.append( random.choice(ALPHABET) )
salt = "".join(chars)
# generate a randomized hash for this user
hashed_value = hashlib.sha512( user + salt ).hexdigest()
cookie = Cookie.SimpleCookie()
cookie["user"] = hashed_value
cookie["user"]["expires"] = ""
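Review bot: The salt built on the added lines comes from `random.choice`, which draws from Python's Mersenne Twister generator and is not meant for secrets. The comment above the function says the resulting hash is what identifies a logged-in user, so the cookie value is only as unpredictable as that salt. Draw it from the OS CSPRNG instead by keeping the loop and changing the source to `rng = random.SystemRandom()` and `chars.append( rng.choice(ALPHABET) )`. Since the username adds no secrecy, the value could also simply be a hash of `os.urandom(32)`, provided `os` is imported in this file. generate_cookie continues past the end of the hunk, so how the value is stored and expired is not visible here.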
......